luna - curl/lib/http.c

   1/***************************************************************************
   2 *                                  _   _ ____  _
   3 *  Project                     ___| | | |  _ \| |
   4 *                             / __| | | | |_) | |
   5 *                            | (__| |_| |  _ <| |___
   6 *                             \___|\___/|_| \_\_____|
   7 *
   8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
   9 *
  10 * This software is licensed as described in the file COPYING, which
  11 * you should have received as part of this distribution. The terms
  12 * are also available at https://curl.se/docs/copyright.html.
  13 *
  14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15 * copies of the Software, and permit persons to whom the Software is
  16 * furnished to do so, under the terms of the COPYING file.
  17 *
  18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19 * KIND, either express or implied.
  20 *
  21 * SPDX-License-Identifier: curl
  22 *
  23 ***************************************************************************/
  24#include "curl_setup.h"
  25#include "urldata.h"
  26
  27#ifndef CURL_DISABLE_HTTP
  28
  29#ifdef HAVE_NETINET_IN_H
  30#include <netinet/in.h>
  31#endif
  32
  33#ifdef HAVE_NETDB_H
  34#include <netdb.h>
  35#endif
  36#ifdef HAVE_ARPA_INET_H
  37#include <arpa/inet.h>
  38#endif
  39#ifdef HAVE_NET_IF_H
  40#include <net/if.h>
  41#endif
  42#ifdef HAVE_SYS_IOCTL_H
  43#include <sys/ioctl.h>
  44#endif
  45
  46#ifdef HAVE_SYS_PARAM_H
  47#include <sys/param.h>
  48#endif
  49
  50#include "transfer.h"
  51#include "sendf.h"
  52#include "curl_trc.h"
  53#include "formdata.h"
  54#include "mime.h"
  55#include "progress.h"
  56#include "curlx/base64.h"
  57#include "cookie.h"
  58#include "vauth/vauth.h"
  59#include "vquic/vquic.h"
  60#include "http_digest.h"
  61#include "http_ntlm.h"
  62#include "http_negotiate.h"
  63#include "http_aws_sigv4.h"
  64#include "url.h"
  65#include "urlapi-int.h"
  66#include "curl_share.h"
  67#include "hostip.h"
  68#include "dynhds.h"
  69#include "http.h"
  70#include "headers.h"
  71#include "select.h"
  72#include "parsedate.h" /* for the week day and month names */
  73#include "multiif.h"
  74#include "strcase.h"
  75#include "content_encoding.h"
  76#include "http_proxy.h"
  77#include "http2.h"
  78#include "cfilters.h"
  79#include "connect.h"
  80#include "curlx/strdup.h"
  81#include "altsvc.h"
  82#include "hsts.h"
  83#include "rtsp.h"
  84#include "ws.h"
  85#include "bufref.h"
  86#include "curlx/strparse.h"
  87
  88void Curl_http_neg_init(struct Curl_easy *data, struct http_negotiation *neg)
  89{
  90  memset(neg, 0, sizeof(*neg));
  91  neg->accept_09 = data->set.http09_allowed;
  92  switch(data->set.httpwant) {
  93  case CURL_HTTP_VERSION_1_0:
  94    neg->wanted = neg->allowed = (CURL_HTTP_V1x);
  95    neg->only_10 = TRUE;
  96    break;
  97  case CURL_HTTP_VERSION_1_1:
  98    neg->wanted = neg->allowed = (CURL_HTTP_V1x);
  99    break;
 100  case CURL_HTTP_VERSION_2_0:
 101    neg->wanted = neg->allowed = (CURL_HTTP_V1x | CURL_HTTP_V2x);
 102    neg->h2_upgrade = TRUE;
 103    break;
 104  case CURL_HTTP_VERSION_2TLS:
 105    neg->wanted = neg->allowed = (CURL_HTTP_V1x | CURL_HTTP_V2x);
 106    break;
 107  case CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE:
 108    neg->wanted = neg->allowed = (CURL_HTTP_V2x);
 109    data->state.http_neg.h2_prior_knowledge = TRUE;
 110    break;
 111  case CURL_HTTP_VERSION_3:
 112    neg->wanted = (CURL_HTTP_V1x | CURL_HTTP_V2x | CURL_HTTP_V3x);
 113    neg->allowed = neg->wanted;
 114    break;
 115  case CURL_HTTP_VERSION_3ONLY:
 116    neg->wanted = neg->allowed = (CURL_HTTP_V3x);
 117    break;
 118  case CURL_HTTP_VERSION_NONE:
 119  default:
 120    neg->wanted = (CURL_HTTP_V1x | CURL_HTTP_V2x);
 121    neg->allowed = (CURL_HTTP_V1x | CURL_HTTP_V2x | CURL_HTTP_V3x);
 122    break;
 123  }
 124}
 125
 126CURLcode Curl_http_setup_conn(struct Curl_easy *data,
 127                              struct connectdata *conn)
 128{
 129  /* allocate the HTTP-specific struct for the Curl_easy, only to survive
 130     during this request */
 131  if(data->state.http_neg.wanted == CURL_HTTP_V3x) {
 132    /* only HTTP/3, needs to work */
 133    CURLcode result = Curl_conn_may_http3(data, conn, conn->transport_wanted);
 134    if(result)
 135      return result;
 136  }
 137  return CURLE_OK;
 138}
 139
 140#ifndef CURL_DISABLE_PROXY
 141/*
 142 * checkProxyHeaders() checks the linked list of custom proxy headers
 143 * if proxy headers are not available, then it will lookup into http header
 144 * link list
 145 *
 146 * It takes a connectdata struct as input to see if this is a proxy request or
 147 * not, as it then might check a different header list. Provide the header
 148 * prefix without colon!
 149 */
 150char *Curl_checkProxyheaders(struct Curl_easy *data,
 151                             const struct connectdata *conn,
 152                             const char *thisheader,
 153                             const size_t thislen)
 154{
 155  struct curl_slist *head;
 156
 157  for(head = (conn->bits.proxy && data->set.sep_headers) ?
 158        data->set.proxyheaders : data->set.headers;
 159      head; head = head->next) {
 160    if(curl_strnequal(head->data, thisheader, thislen) &&
 161       Curl_headersep(head->data[thislen]))
 162      return head->data;
 163  }
 164
 165  return NULL;
 166}
 167#endif
 168
 169/* If the header has a value, this function returns TRUE and the value is in
 170   'outp' with blanks trimmed off.
 171*/
 172static bool header_has_value(const char **headerp, struct Curl_str *outp)
 173{
 174  bool value = !curlx_str_cspn(headerp, outp, ";:") &&
 175    (!curlx_str_single(headerp, ':') || !curlx_str_single(headerp, ';'));
 176
 177  if(value) {
 178    curlx_str_untilnl(headerp, outp, MAX_HTTP_RESP_HEADER_SIZE);
 179    curlx_str_trimblanks(outp);
 180  }
 181  return value;
 182}
 183
 184static bool http_header_is_empty(const char *header)
 185{
 186  struct Curl_str out;
 187
 188  if(header_has_value(&header, &out)) {
 189    return curlx_strlen(&out) == 0;
 190  }
 191  return TRUE; /* invalid header format, treat as empty */
 192}
 193
 194/*
 195 * Strip off leading and trailing whitespace from the value in the given HTTP
 196 * header line and return a strdup-ed copy in 'valp' - returns an empty
 197 * string if the header value consists entirely of whitespace.
 198 *
 199 * If the header is provided as "name;", ending with a semicolon, it returns a
 200 * blank string.
 201 */
 202static CURLcode copy_custom_value(const char *header, char **valp)
 203{
 204  struct Curl_str out;
 205
 206  /* find the end of the header name */
 207  if(header_has_value(&header, &out)) {
 208    *valp = curlx_memdup0(curlx_str(&out), curlx_strlen(&out));
 209    if(*valp)
 210      return CURLE_OK;
 211    return CURLE_OUT_OF_MEMORY;
 212  }
 213  /* bad input */
 214  *valp = NULL;
 215  return CURLE_BAD_FUNCTION_ARGUMENT;
 216}
 217
 218/*
 219 * Strip off leading and trailing whitespace from the value in the given HTTP
 220 * header line and return a strdup-ed copy in 'valp' - returns an empty
 221 * string if the header value consists entirely of whitespace.
 222 *
 223 * This function MUST be used after the header has already been confirmed to
 224 * lead with "word:".
 225 *
 226 * @unittest: 1626
 227 */
 228char *Curl_copy_header_value(const char *header)
 229{
 230  struct Curl_str out;
 231
 232  /* find the end of the header name */
 233  if(!curlx_str_until(&header, &out, MAX_HTTP_RESP_HEADER_SIZE, ':') &&
 234     !curlx_str_single(&header, ':')) {
 235    curlx_str_untilnl(&header, &out, MAX_HTTP_RESP_HEADER_SIZE);
 236    curlx_str_trimblanks(&out);
 237    return curlx_memdup0(curlx_str(&out), curlx_strlen(&out));
 238  }
 239  /* bad input, should never happen */
 240  DEBUGASSERT(0);
 241  return NULL;
 242}
 243
 244#ifndef CURL_DISABLE_HTTP_AUTH
 245
 246#ifndef CURL_DISABLE_BASIC_AUTH
 247/*
 248 * http_output_basic() sets up an Authorization: header (or the proxy version)
 249 * for HTTP Basic authentication.
 250 *
 251 * Returns CURLcode.
 252 */
 253static CURLcode http_output_basic(struct Curl_easy *data,
 254                                  struct connectdata *conn, bool proxy)
 255{
 256  size_t size = 0;
 257  char *authorization = NULL;
 258  char **p_hd;
 259  CURLcode result;
 260  struct Curl_creds *creds = NULL;
 261  char *out;
 262
 263  /* credentials are unique per transfer for HTTP, do not use the ones for the
 264     connection */
 265  if(proxy) {
 266#ifndef CURL_DISABLE_PROXY
 267    p_hd = &data->req.hd_proxy_auth;
 268    creds = conn->http_proxy.creds;
 269#else
 270    (void)conn;
 271    return CURLE_NOT_BUILT_IN;
 272#endif
 273  }
 274  else {
 275    p_hd = &data->req.hd_auth;
 276    creds = data->state.creds;
 277  }
 278
 279  if(!creds) {
 280    DEBUGASSERT(0);
 281    return CURLE_FAILED_INIT;
 282  }
 283
 284  out = curl_maprintf("%s:%s", creds->user, creds->passwd);
 285  if(!out)
 286    return CURLE_OUT_OF_MEMORY;
 287
 288  result = curlx_base64_encode((uint8_t *)out, strlen(out),
 289                               &authorization, &size);
 290  if(result)
 291    goto fail;
 292
 293  if(!authorization) {
 294    result = CURLE_REMOTE_ACCESS_DENIED;
 295    goto fail;
 296  }
 297
 298  curlx_free(*p_hd);
 299  *p_hd = curl_maprintf("%sAuthorization: Basic %s\r\n",
 300                        proxy ? "Proxy-" : "",
 301                        authorization);
 302  curlx_free(authorization);
 303  if(!*p_hd) {
 304    result = CURLE_OUT_OF_MEMORY;
 305    goto fail;
 306  }
 307
 308fail:
 309  curlx_free(out);
 310  return result;
 311}
 312
 313#endif
 314
 315#ifndef CURL_DISABLE_BEARER_AUTH
 316/*
 317 * http_output_bearer() sets up an Authorization: header
 318 * for HTTP Bearer authentication.
 319 *
 320 * Returns CURLcode.
 321 */
 322static CURLcode http_output_bearer(struct Curl_easy *data)
 323{
 324  char **userp;
 325  CURLcode result = CURLE_OK;
 326
 327  DEBUGASSERT(Curl_creds_has_oauth_bearer(data->state.creds));
 328  userp = &data->req.hd_auth;
 329  curlx_free(*userp);
 330  *userp = curl_maprintf("Authorization: Bearer %s\r\n",
 331                         Curl_creds_oauth_bearer(data->state.creds));
 332
 333  if(!*userp) {
 334    result = CURLE_OUT_OF_MEMORY;
 335    goto fail;
 336  }
 337
 338fail:
 339  return result;
 340}
 341
 342#endif
 343
 344#endif
 345
 346/* pickoneauth() selects the most favorable authentication method from the
 347 * ones available and the ones we want.
 348 *
 349 * return TRUE if one was picked
 350 */
 351static bool pickoneauth(struct auth *pick, unsigned long mask)
 352{
 353  bool picked;
 354  /* only deal with authentication we want */
 355  unsigned long avail = pick->avail & pick->want & mask;
 356  picked = TRUE;
 357
 358  /* The order of these checks is highly relevant, as this will be the order
 359     of preference in case of the existence of multiple accepted types. */
 360  if(avail & CURLAUTH_NEGOTIATE)
 361    pick->picked = CURLAUTH_NEGOTIATE;
 362#ifndef CURL_DISABLE_BEARER_AUTH
 363  else if(avail & CURLAUTH_BEARER)
 364    pick->picked = CURLAUTH_BEARER;
 365#endif
 366#ifndef CURL_DISABLE_DIGEST_AUTH
 367  else if(avail & CURLAUTH_DIGEST)
 368    pick->picked = CURLAUTH_DIGEST;
 369#endif
 370  else if(avail & CURLAUTH_NTLM)
 371    pick->picked = CURLAUTH_NTLM;
 372#ifndef CURL_DISABLE_BASIC_AUTH
 373  else if(avail & CURLAUTH_BASIC)
 374    pick->picked = CURLAUTH_BASIC;
 375#endif
 376#ifndef CURL_DISABLE_AWS
 377  else if(avail & CURLAUTH_AWS_SIGV4)
 378    pick->picked = CURLAUTH_AWS_SIGV4;
 379#endif
 380  else {
 381    pick->picked = CURLAUTH_PICKNONE; /* we select to use nothing */
 382    picked = FALSE;
 383  }
 384  pick->avail = CURLAUTH_NONE; /* clear it here */
 385
 386  return picked;
 387}
 388
 389/*
 390 * http_perhapsrewind()
 391 *
 392 * The current request needs to be done again - maybe due to a follow
 393 * or authentication negotiation. Check if:
 394 * 1) a rewind of the data sent to the server is necessary
 395 * 2) the current transfer should continue or be stopped early
 396 */
 397static CURLcode http_perhapsrewind(struct Curl_easy *data,
 398                                   struct connectdata *conn)
 399{
 400  curl_off_t bytessent = data->req.writebytecount;
 401  curl_off_t expectsend = Curl_creader_total_length(data);
 402  curl_off_t upload_remain = (expectsend >= 0) ? (expectsend - bytessent) : -1;
 403  bool little_upload_remains = (upload_remain >= 0 && upload_remain < 2000);
 404  bool needs_rewind = Curl_creader_needs_rewind(data);
 405  /* By default, we would like to abort the transfer when little or unknown
 406   * amount remains. This may be overridden by authentications further
 407   * below! */
 408  bool abort_upload = (!data->req.upload_done && !little_upload_remains);
 409  VERBOSE(const char *ongoing_auth = NULL);
 410
 411  /* We need a rewind before uploading client read data again. The
 412   * checks below influence of the upload is to be continued
 413   * or aborted early.
 414   * This depends on how much remains to be sent and in what state
 415   * the authentication is. Some auth schemes such as NTLM do not work
 416   * for a new connection. */
 417  if(needs_rewind) {
 418    infof(data, "Need to rewind upload for next request");
 419    Curl_creader_set_rewind(data, TRUE);
 420  }
 421
 422  if(conn->bits.close)
 423    /* If we already decided to close this connection, we cannot veto. */
 424    return CURLE_OK;
 425
 426  if(abort_upload) {
 427    /* We would like to abort the upload - but should we? */
 428#ifdef USE_NTLM
 429    if((data->state.authproxy.picked == CURLAUTH_NTLM) ||
 430       (data->state.authhost.picked == CURLAUTH_NTLM)) {
 431      VERBOSE(ongoing_auth = "NTLM");
 432      if((conn->http_ntlm_state != NTLMSTATE_NONE) ||
 433         (conn->proxy_ntlm_state != NTLMSTATE_NONE)) {
 434        /* The NTLM-negotiation has started, keep on sending.
 435         * Need to do further work on same connection */
 436        abort_upload = FALSE;
 437      }
 438    }
 439#endif
 440#ifdef USE_SPNEGO
 441    /* There is still data left to send */
 442    if((data->state.authproxy.picked == CURLAUTH_NEGOTIATE) ||
 443       (data->state.authhost.picked == CURLAUTH_NEGOTIATE)) {
 444      VERBOSE(ongoing_auth = "NEGOTIATE");
 445      if((conn->http_negotiate_state != GSS_AUTHNONE) ||
 446         (conn->proxy_negotiate_state != GSS_AUTHNONE)) {
 447        /* The NEGOTIATE-negotiation has started, keep on sending.
 448         * Need to do further work on same connection */
 449        abort_upload = FALSE;
 450      }
 451    }
 452#endif
 453  }
 454
 455  if(abort_upload) {
 456    if(upload_remain >= 0)
 457      infof(data, "%s%sclose instead of sending %" FMT_OFF_T " more bytes",
 458            ongoing_auth ? ongoing_auth : "",
 459            ongoing_auth ? " send, " : "",
 460            upload_remain);
 461    else
 462      infof(data, "%s%sclose instead of sending unknown amount "
 463            "of more bytes",
 464            ongoing_auth ? ongoing_auth : "",
 465            ongoing_auth ? " send, " : "");
 466    /* We decided to abort the ongoing transfer */
 467    streamclose(conn, "Mid-auth HTTP and much data left to send");
 468    data->req.size = 0; /* do not download any more than 0 bytes */
 469    data->req.http_bodyless = TRUE;
 470  }
 471  return CURLE_OK;
 472}
 473
 474/**
 475 * http_should_fail() determines whether an HTTP response code has gotten us
 476 * into an error state or not.
 477 *
 478 * @retval FALSE communications should continue
 479 *
 480 * @retval TRUE communications should not continue
 481 */
 482static bool http_should_fail(struct Curl_easy *data, int httpcode)
 483{
 484  DEBUGASSERT(data);
 485  DEBUGASSERT(data->conn);
 486
 487  /*
 488   * If we have not been asked to fail on error,
 489   * do not fail.
 490   */
 491  if(!data->set.http_fail_on_error)
 492    return FALSE;
 493
 494  /*
 495   * Any code < 400 is never terminal.
 496   */
 497  if(httpcode < 400)
 498    return FALSE;
 499
 500  /*
 501   * A 416 response to a resume request is presumably because the file is
 502   * already completely downloaded and thus not actually a fail.
 503   */
 504  if(data->state.resume_from && data->state.httpreq == HTTPREQ_GET &&
 505     httpcode == 416)
 506    return FALSE;
 507
 508  /*
 509   * Any code >= 400 that is not 401 or 407 is always
 510   * a terminal error
 511   */
 512  if((httpcode != 401) && (httpcode != 407))
 513    return TRUE;
 514
 515  /*
 516   * All we have left to deal with is 401 and 407
 517   */
 518  DEBUGASSERT((httpcode == 401) || (httpcode == 407));
 519
 520  /*
 521   * Examine the current authentication state to see if this is an error. The
 522   * idea is for this function to get called after processing all the headers
 523   * in a response message. If we have been to asked to authenticate
 524   * a particular stage, and we have done it, we are OK. If we are already
 525   * completely authenticated, it is not OK to get another 401 or 407.
 526   *
 527   * It is possible for authentication to go stale such that the client needs
 528   * to reauthenticate. Once that info is available, use it here.
 529   */
 530
 531  /*
 532   * Either we are not authenticating, or we are supposed to be authenticating
 533   * something else. This is an error.
 534   */
 535  if((httpcode == 401) && !data->state.creds)
 536    return TRUE;
 537#ifndef CURL_DISABLE_PROXY
 538  if((httpcode == 407) && !data->conn->http_proxy.creds)
 539    return TRUE;
 540#endif
 541
 542  return (bool)data->state.authproblem;
 543}
 544
 545/*
 546 * Curl_http_auth_act() gets called when all HTTP headers have been received
 547 * and it checks what authentication methods that are available and decides
 548 * which one (if any) to use. It will set 'newurl' if an auth method was
 549 * picked.
 550 */
 551CURLcode Curl_http_auth_act(struct Curl_easy *data)
 552{
 553  struct connectdata *conn = data->conn;
 554  bool pickhost = FALSE;
 555  bool pickproxy = FALSE;
 556  CURLcode result = CURLE_OK;
 557  unsigned long authmask = ~0UL;
 558
 559  if(!Curl_creds_has_oauth_bearer(data->state.creds))
 560    authmask &= (unsigned long)~CURLAUTH_BEARER;
 561
 562  if(100 <= data->req.httpcode && data->req.httpcode <= 199)
 563    /* this is a transient response code, ignore */
 564    return CURLE_OK;
 565
 566  if(data->state.authproblem)
 567    return data->set.http_fail_on_error ? CURLE_HTTP_RETURNED_ERROR : CURLE_OK;
 568
 569  if(data->state.creds &&
 570     ((data->req.httpcode == 401) ||
 571      (data->req.authneg && data->req.httpcode < 300))) {
 572    pickhost = pickoneauth(&data->state.authhost, authmask);
 573    if(!pickhost)
 574      data->state.authproblem = TRUE;
 575    else
 576      data->info.httpauthpicked = data->state.authhost.picked;
 577    if(data->state.authhost.picked == CURLAUTH_NTLM &&
 578       (data->req.httpversion_sent > 11)) {
 579      infof(data, "Forcing HTTP/1.1 for NTLM");
 580      connclose(conn, "Force HTTP/1.1 connection");
 581      data->state.http_neg.wanted = CURL_HTTP_V1x;
 582      data->state.http_neg.allowed = CURL_HTTP_V1x;
 583    }
 584  }
 585#ifndef CURL_DISABLE_PROXY
 586  if(conn->http_proxy.creds &&
 587     ((data->req.httpcode == 407) ||
 588      (data->req.authneg && data->req.httpcode < 300))) {
 589    pickproxy = pickoneauth(&data->state.authproxy,
 590                            authmask & ~CURLAUTH_BEARER);
 591    if(!pickproxy)
 592      data->state.authproblem = TRUE;
 593    else
 594      data->info.proxyauthpicked = data->state.authproxy.picked;
 595  }
 596#endif
 597
 598  if(pickhost || pickproxy) {
 599    result = http_perhapsrewind(data, conn);
 600    if(result)
 601      return result;
 602
 603    /* In case this is GSS auth, the newurl field is already allocated so
 604       we must make sure to free it before allocating a new one. As figured
 605       out in bug #2284386 */
 606    curlx_free(data->req.newurl);
 607    /* clone URL */
 608    data->req.newurl = Curl_bufref_dup(&data->state.url);
 609    if(!data->req.newurl)
 610      return CURLE_OUT_OF_MEMORY;
 611  }
 612  else if((data->req.httpcode < 300) &&
 613          !data->state.authhost.done &&
 614          data->req.authneg) {
 615    /* no (known) authentication available,
 616       authentication is not "done" yet and
 617       no authentication seems to be required and
 618       we did not try HEAD or GET */
 619    if((data->state.httpreq != HTTPREQ_GET) &&
 620       (data->state.httpreq != HTTPREQ_HEAD)) {
 621      /* clone URL */
 622      data->req.newurl = Curl_bufref_dup(&data->state.url);
 623      if(!data->req.newurl)
 624        return CURLE_OUT_OF_MEMORY;
 625      data->state.authhost.done = TRUE;
 626    }
 627  }
 628  if(http_should_fail(data, data->req.httpcode)) {
 629    failf(data, "The requested URL returned error: %d",
 630          data->req.httpcode);
 631    result = CURLE_HTTP_RETURNED_ERROR;
 632  }
 633
 634  return result;
 635}
 636
 637#ifndef CURL_DISABLE_HTTP_AUTH
 638/*
 639 * Output the correct authentication header depending on the auth type
 640 * and whether or not it is to a proxy.
 641 */
 642static CURLcode output_auth_headers(struct Curl_easy *data,
 643                                    struct connectdata *conn,
 644                                    struct auth *authstatus,
 645                                    const char *request,
 646                                    const char *path,
 647                                    bool proxy)
 648{
 649  const char *auth = NULL;
 650  CURLcode result = CURLE_OK;
 651  (void)conn;
 652
 653#ifdef CURL_DISABLE_DIGEST_AUTH
 654  (void)request;
 655  (void)path;
 656#endif
 657#ifndef CURL_DISABLE_AWS
 658  if((authstatus->picked == CURLAUTH_AWS_SIGV4) && !proxy) {
 659    /* this method is never for proxy */
 660    auth = "AWS_SIGV4";
 661    result = Curl_output_aws_sigv4(data);
 662    if(result)
 663      return result;
 664  }
 665  else
 666#endif
 667#ifdef USE_SPNEGO
 668  if(authstatus->picked == CURLAUTH_NEGOTIATE) {
 669    auth = "Negotiate";
 670    result = Curl_output_negotiate(data, conn, proxy);
 671    if(result)
 672      return result;
 673  }
 674  else
 675#endif
 676#ifdef USE_NTLM
 677  if(authstatus->picked == CURLAUTH_NTLM) {
 678    auth = "NTLM";
 679    result = Curl_output_ntlm(data, proxy);
 680    if(result)
 681      return result;
 682  }
 683  else
 684#endif
 685#ifndef CURL_DISABLE_DIGEST_AUTH
 686  if(authstatus->picked == CURLAUTH_DIGEST) {
 687    auth = "Digest";
 688    result = Curl_output_digest(data,
 689                                proxy,
 690                                (const unsigned char *)request,
 691                                (const unsigned char *)path);
 692    if(result)
 693      return result;
 694  }
 695  else
 696#endif
 697#ifndef CURL_DISABLE_BASIC_AUTH
 698  if(authstatus->picked == CURLAUTH_BASIC) {
 699    /* Basic */
 700    if(
 701#ifndef CURL_DISABLE_PROXY
 702       (proxy && conn->http_proxy.creds &&
 703        !Curl_checkProxyheaders(data, conn,
 704                                STRCONST("Proxy-authorization"))) ||
 705#endif
 706       (!proxy && data->state.creds &&
 707        !Curl_checkheaders(data, STRCONST("Authorization")))) {
 708      auth = "Basic";
 709      result = http_output_basic(data, conn, proxy);
 710      if(result)
 711        return result;
 712    }
 713
 714    /* NOTE: this function should set 'done' TRUE, as the other auth
 715       functions work that way */
 716    authstatus->done = TRUE;
 717  }
 718#endif
 719#ifndef CURL_DISABLE_BEARER_AUTH
 720  if(authstatus->picked == CURLAUTH_BEARER) {
 721    /* Bearer */
 722    if(!proxy && Curl_creds_has_oauth_bearer(data->state.creds) &&
 723       !Curl_checkheaders(data, STRCONST("Authorization"))) {
 724      auth = "Bearer";
 725      result = http_output_bearer(data);
 726      if(result)
 727        return result;
 728    }
 729
 730    /* NOTE: this function should set 'done' TRUE, as the other auth
 731       functions work that way */
 732    authstatus->done = TRUE;
 733  }
 734#endif
 735
 736  if(auth) {
 737#ifndef CURL_DISABLE_PROXY
 738    if(proxy)
 739      data->info.proxyauthpicked = authstatus->picked;
 740    else
 741      data->info.httpauthpicked = authstatus->picked;
 742    infof(data, "%s auth using %s with user '%s'",
 743          proxy ? "Proxy" : "Server", auth,
 744          proxy ? (conn->http_proxy.creds ?
 745                   conn->http_proxy.creds->user : "") :
 746          (data->state.creds ?
 747           data->state.creds->user : ""));
 748#else
 749    (void)proxy;
 750    infof(data, "Server auth using %s with user '%s'",
 751          auth, data->state.creds ?
 752          data->state.creds->user : "");
 753#endif
 754    authstatus->multipass = !authstatus->done;
 755  }
 756  else {
 757    authstatus->multipass = FALSE;
 758    if(proxy)
 759      data->info.proxyauthpicked = 0;
 760    else
 761      data->info.httpauthpicked = 0;
 762  }
 763
 764  return result;
 765}
 766
 767CURLcode Curl_http_output_auth(struct Curl_easy *data,
 768                               struct connectdata *conn,
 769                               const char *request,
 770                               Curl_HttpReq httpreq,
 771                               const char *path,
 772                               const char *query,
 773                               bool is_connect)
 774{
 775  CURLcode result = CURLE_OK;
 776  struct auth *authhost;
 777  struct auth *authproxy;
 778  const char *path_and_query = path;
 779  char *tmp_str = NULL;
 780
 781  DEBUGASSERT(data);
 782  authhost = &data->state.authhost;
 783  authproxy = &data->state.authproxy;
 784
 785  if(
 786#ifndef CURL_DISABLE_PROXY
 787    (!conn->bits.httpproxy || !conn->http_proxy.creds) &&
 788#endif
 789#ifdef USE_SPNEGO
 790    !(authhost->want & CURLAUTH_NEGOTIATE) &&
 791    !(authproxy->want & CURLAUTH_NEGOTIATE) &&
 792#endif
 793    !data->state.creds) {
 794    /* no authentication with no user or password */
 795    authhost->done = TRUE;
 796    authproxy->done = TRUE;
 797    result = CURLE_OK;
 798    goto out;
 799  }
 800
 801  if(query) {
 802    tmp_str = curl_maprintf("%s?%s", path, query);
 803    if(!tmp_str) {
 804      result = CURLE_OUT_OF_MEMORY;
 805      goto out;
 806    }
 807    path_and_query = tmp_str;
 808  }
 809
 810  if(authhost->want && !authhost->picked)
 811    /* The app has selected one or more methods, but none has been picked
 812       so far by a server round-trip. Then we set the picked one to the
 813       want one, and if this is one single bit it will be used instantly. */
 814    authhost->picked = authhost->want;
 815
 816  if(authproxy->want && !authproxy->picked)
 817    /* The app has selected one or more methods, but none has been picked so
 818       far by a proxy round-trip. Then we set the picked one to the want one,
 819       and if this is one single bit it will be used instantly. */
 820    authproxy->picked = authproxy->want;
 821
 822#ifndef CURL_DISABLE_PROXY
 823  /* Send proxy authentication header if needed */
 824  if(conn->bits.httpproxy && (!conn->bits.tunnel_proxy || is_connect)) {
 825    result = output_auth_headers(data, conn, authproxy, request,
 826                                 path_and_query, TRUE);
 827    if(result)
 828      goto out;
 829  }
 830  else
 831#else
 832  (void)is_connect;
 833#endif /* CURL_DISABLE_PROXY */
 834    /* we have no proxy so let's pretend we are done authenticating
 835       with it */
 836    authproxy->done = TRUE;
 837
 838  /* Either we have credentials for the origin we talk to or
 839     performing authentication is allowed here */
 840  if(data->state.creds || Curl_auth_allowed_to_host(data))
 841    result = output_auth_headers(data, conn, authhost, request,
 842                                 path_and_query, FALSE);
 843  else
 844    authhost->done = TRUE;
 845
 846  if(((authhost->multipass && !authhost->done) ||
 847      (authproxy->multipass && !authproxy->done)) &&
 848     (httpreq != HTTPREQ_GET) &&
 849     (httpreq != HTTPREQ_HEAD)) {
 850    /* Auth is required and we are not authenticated yet. Make a PUT or POST
 851       with content-length zero as a "probe". */
 852    data->req.authneg = TRUE;
 853  }
 854  else
 855    data->req.authneg = FALSE;
 856
 857out:
 858  curlx_free(tmp_str);
 859  return result;
 860}
 861
 862#else /* !CURL_DISABLE_HTTP_AUTH */
 863/* when disabled */
 864CURLcode Curl_http_output_auth(struct Curl_easy *data,
 865                               struct connectdata *conn,
 866                               const char *request,
 867                               Curl_HttpReq httpreq,
 868                               const char *path,
 869                               const char *query,
 870                               bool is_connect)
 871{
 872  (void)data;
 873  (void)conn;
 874  (void)request;
 875  (void)httpreq;
 876  (void)path;
 877  (void)query;
 878  (void)is_connect;
 879  return CURLE_OK;
 880}
 881#endif /* !CURL_DISABLE_HTTP_AUTH, else */
 882
 883#if defined(USE_SPNEGO) || defined(USE_NTLM) || \
 884  !defined(CURL_DISABLE_DIGEST_AUTH) || \
 885  !defined(CURL_DISABLE_BASIC_AUTH) || \
 886  !defined(CURL_DISABLE_BEARER_AUTH)
 887static bool authcmp(const char *auth, const char *line)
 888{
 889  /* the auth string must not have an alnum following */
 890  size_t n = strlen(auth);
 891  return curl_strnequal(auth, line, n) && !ISALNUM(line[n]);
 892}
 893#endif
 894
 895#ifdef USE_SPNEGO
 896static CURLcode auth_spnego(struct Curl_easy *data,
 897                            bool proxy,
 898                            const char *auth,
 899                            struct auth *authp,
 900                            uint32_t *availp)
 901{
 902  if((authp->avail & CURLAUTH_NEGOTIATE) || Curl_auth_is_spnego_supported()) {
 903    *availp |= CURLAUTH_NEGOTIATE;
 904    authp->avail |= CURLAUTH_NEGOTIATE;
 905
 906    if(authp->picked == CURLAUTH_NEGOTIATE) {
 907      struct connectdata *conn = data->conn;
 908      CURLcode result = Curl_input_negotiate(data, conn, proxy, auth);
 909      curlnegotiate *negstate = proxy ? &conn->proxy_negotiate_state :
 910        &conn->http_negotiate_state;
 911      if(!result) {
 912        curlx_free(data->req.newurl);
 913        data->req.newurl = Curl_bufref_dup(&data->state.url);
 914        if(!data->req.newurl)
 915          return CURLE_OUT_OF_MEMORY;
 916        data->state.authproblem = FALSE;
 917        /* we received a GSS auth token and we dealt with it fine */
 918        *negstate = GSS_AUTHRECV;
 919      }
 920      else
 921        data->state.authproblem = TRUE;
 922    }
 923  }
 924  return CURLE_OK;
 925}
 926#endif
 927
 928#ifdef USE_NTLM
 929static CURLcode auth_ntlm(struct Curl_easy *data,
 930                          bool proxy,
 931                          const char *auth,
 932                          struct auth *authp,
 933                          uint32_t *availp)
 934{
 935  /* NTLM support requires the SSL crypto libs */
 936  if((authp->avail & CURLAUTH_NTLM) || Curl_auth_is_ntlm_supported()) {
 937    *availp |= CURLAUTH_NTLM;
 938    authp->avail |= CURLAUTH_NTLM;
 939
 940    if(authp->picked == CURLAUTH_NTLM) {
 941      /* NTLM authentication is picked and activated */
 942      CURLcode result = Curl_input_ntlm(data, proxy, auth);
 943      if(!result)
 944        data->state.authproblem = FALSE;
 945      else {
 946        if(result == CURLE_OUT_OF_MEMORY)
 947          return result;
 948        infof(data, "NTLM authentication problem, ignoring.");
 949        data->state.authproblem = TRUE;
 950      }
 951    }
 952  }
 953  return CURLE_OK;
 954}
 955#endif
 956
 957#ifndef CURL_DISABLE_DIGEST_AUTH
 958static CURLcode auth_digest(struct Curl_easy *data,
 959                            bool proxy,
 960                            const char *auth,
 961                            struct auth *authp,
 962                            uint32_t *availp)
 963{
 964  if(authp->avail & CURLAUTH_DIGEST) {
 965    *availp |= CURLAUTH_DIGEST;
 966    infof(data, "Ignoring duplicate digest auth header.");
 967  }
 968  else if(Curl_auth_is_digest_supported()) {
 969    CURLcode result;
 970
 971    *availp |= CURLAUTH_DIGEST;
 972    authp->avail |= CURLAUTH_DIGEST;
 973
 974    /* We call this function on input Digest headers even if Digest
 975     * authentication is not activated yet, as we need to store the
 976     * incoming data from this header in case we are going to use
 977     * Digest */
 978    result = Curl_input_digest(data, proxy, auth);
 979    if(result) {
 980      if(result == CURLE_OUT_OF_MEMORY)
 981        return result;
 982      infof(data, "Digest authentication problem, ignoring.");
 983      data->state.authproblem = TRUE;
 984    }
 985  }
 986  return CURLE_OK;
 987}
 988#endif
 989
 990#ifndef CURL_DISABLE_BASIC_AUTH
 991static CURLcode auth_basic(struct Curl_easy *data,
 992                           struct auth *authp,
 993                           uint32_t *availp)
 994{
 995  *availp |= CURLAUTH_BASIC;
 996  authp->avail |= CURLAUTH_BASIC;
 997  if(authp->picked == CURLAUTH_BASIC) {
 998    /* We asked for Basic authentication but got a 40X back anyway, which
 999       means our name+password is not valid. */
1000    authp->avail = CURLAUTH_NONE;
1001    infof(data, "Basic authentication problem, ignoring.");
1002    data->state.authproblem = TRUE;
1003  }
1004  return CURLE_OK;
1005}
1006#endif
1007
1008#ifndef CURL_DISABLE_BEARER_AUTH
1009static CURLcode auth_bearer(struct Curl_easy *data,
1010                            struct auth *authp,
1011                            uint32_t *availp)
1012{
1013  *availp |= CURLAUTH_BEARER;
1014  authp->avail |= CURLAUTH_BEARER;
1015  if(authp->picked == CURLAUTH_BEARER) {
1016    /* We asked for Bearer authentication but got a 40X back anyway, which
1017       means our token is not valid. */
1018    authp->avail = CURLAUTH_NONE;
1019    infof(data, "Bearer authentication problem, ignoring.");
1020    data->state.authproblem = TRUE;
1021  }
1022  return CURLE_OK;
1023}
1024#endif
1025
1026/*
1027 * Curl_http_input_auth() deals with Proxy-Authenticate: and WWW-Authenticate:
1028 * headers. They are dealt with both in the transfer.c main loop and in the
1029 * proxy CONNECT loop.
1030 *
1031 * The 'auth' line ends with a null byte without CR or LF present.
1032 */
1033CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
1034                              const char *auth) /* the first non-space */
1035{
1036  /*
1037   * This resource requires authentication
1038   */
1039#if defined(USE_SPNEGO) ||                      \
1040  defined(USE_NTLM) ||                          \
1041  !defined(CURL_DISABLE_DIGEST_AUTH) ||         \
1042  !defined(CURL_DISABLE_BASIC_AUTH) ||          \
1043  !defined(CURL_DISABLE_BEARER_AUTH)
1044
1045  uint32_t *availp;
1046  struct auth *authp;
1047  CURLcode result = CURLE_OK;
1048  DEBUGASSERT(auth);
1049  DEBUGASSERT(data);
1050
1051  if(proxy) {
1052    availp = &data->info.proxyauthavail;
1053    authp = &data->state.authproxy;
1054  }
1055  else {
1056    availp = &data->info.httpauthavail;
1057    authp = &data->state.authhost;
1058  }
1059
1060  /*
1061   * Here we check if we want the specific single authentication (using ==) and
1062   * if we do, we initiate usage of it.
1063   *
1064   * If the provided authentication is wanted as one out of several accepted
1065   * types (using &), we OR this authentication type to the authavail
1066   * variable.
1067   *
1068   * Note:
1069   *
1070   * ->picked is first set to the 'want' value (one or more bits) before the
1071   * request is sent, and then it is again set _after_ all response 401/407
1072   * headers have been received but then only to a single preferred method
1073   * (bit).
1074   */
1075
1076  while(*auth) {
1077#ifdef USE_SPNEGO
1078    if(authcmp("Negotiate", auth))
1079      result = auth_spnego(data, proxy, auth, authp, availp);
1080#endif
1081#ifdef USE_NTLM
1082    if(!result && authcmp("NTLM", auth))
1083      result = auth_ntlm(data, proxy, auth, authp, availp);
1084#endif
1085#ifndef CURL_DISABLE_DIGEST_AUTH
1086    if(!result && authcmp("Digest", auth))
1087      result = auth_digest(data, proxy, auth, authp, availp);
1088#endif
1089#ifndef CURL_DISABLE_BASIC_AUTH
1090    if(!result && authcmp("Basic", auth))
1091      result = auth_basic(data, authp, availp);
1092#endif
1093#ifndef CURL_DISABLE_BEARER_AUTH
1094    if(authcmp("Bearer", auth))
1095      result = auth_bearer(data, authp, availp);
1096#endif
1097
1098    if(result)
1099      break;
1100
1101    /* there may be multiple methods on one line, so keep reading */
1102    auth = strchr(auth, ',');
1103    if(auth) /* if we are on a comma, skip it */
1104      auth++;
1105    else
1106      break;
1107    curlx_str_passblanks(&auth);
1108  }
1109  return result;
1110#else
1111  (void)data;
1112  (void)proxy;
1113  (void)auth;
1114  /* nothing to do when disabled */
1115  return CURLE_OK;
1116#endif
1117}
1118
1119static void http_switch_to_get(struct Curl_easy *data, int code)
1120{
1121  const char *req = data->set.str[STRING_CUSTOMREQUEST];
1122
1123  if((req || data->state.httpreq != HTTPREQ_GET) &&
1124     (data->set.http_follow_mode == CURLFOLLOW_OBEYCODE)) {
1125    NOVERBOSE((void)code);
1126    infof(data, "Switch to GET because of %d response", code);
1127    data->state.http_ignorecustom = TRUE;
1128  }
1129  else if(req && (data->set.http_follow_mode != CURLFOLLOW_FIRSTONLY))
1130    infof(data, "Stick to %s instead of GET", req);
1131
1132  data->state.httpreq = HTTPREQ_GET;
1133  Curl_creader_set_rewind(data, FALSE);
1134}
1135
1136#define HTTPREQ_IS_POST(data)                           \
1137  ((data)->state.httpreq == HTTPREQ_POST ||             \
1138   (data)->state.httpreq == HTTPREQ_POST_FORM ||        \
1139   (data)->state.httpreq == HTTPREQ_POST_MIME)
1140
1141CURLcode Curl_http_follow(struct Curl_easy *data, const char *newurl,
1142                          followtype type)
1143{
1144  bool disallowport = FALSE;
1145  bool reachedmax = FALSE;
1146  char *follow_url = NULL;
1147  CURLUcode uc;
1148  CURLcode rewind_result;
1149  bool switch_to_get = FALSE;
1150
1151  DEBUGASSERT(type != FOLLOW_NONE);
1152
1153  if(type != FOLLOW_FAKE)
1154    data->state.requests++; /* count all real follows */
1155  if(type == FOLLOW_REDIR) {
1156    if((data->set.maxredirs != -1) &&
1157       (data->state.followlocation >= data->set.maxredirs)) {
1158      reachedmax = TRUE;
1159      type = FOLLOW_FAKE; /* switch to fake to store the would-be-redirected
1160                             to URL */
1161    }
1162    else {
1163      data->state.followlocation++; /* count redirect-followings, including
1164                                       auth reloads */
1165
1166      if(data->set.http_auto_referer) {
1167        CURLU *u;
1168        char *referer = NULL;
1169
1170        /* We are asked to automatically set the previous URL as the referer
1171           when we get the next URL. We pick the ->url field, which may or may
1172           not be 100% correct */
1173        Curl_bufref_free(&data->state.referer);
1174
1175        /* Make a copy of the URL without credentials and fragment */
1176        u = curl_url();
1177        if(!u)
1178          return CURLE_OUT_OF_MEMORY;
1179
1180        uc = curl_url_set(u, CURLUPART_URL,
1181                          Curl_bufref_ptr(&data->state.url), 0);
1182        if(!uc)
1183          uc = curl_url_set(u, CURLUPART_FRAGMENT, NULL, 0);
1184        if(!uc)
1185          uc = curl_url_set(u, CURLUPART_USER, NULL, 0);
1186        if(!uc)
1187          uc = curl_url_set(u, CURLUPART_PASSWORD, NULL, 0);
1188        if(!uc)
1189          uc = curl_url_get(u, CURLUPART_URL, &referer, 0);
1190
1191        curl_url_cleanup(u);
1192
1193        if(uc || !referer)
1194          return CURLE_OUT_OF_MEMORY;
1195
1196        Curl_bufref_set(&data->state.referer, referer, 0, curl_free);
1197      }
1198    }
1199  }
1200
1201  if((type != FOLLOW_RETRY) &&
1202     (data->req.httpcode != 401) && (data->req.httpcode != 407) &&
1203     Curl_is_absolute_url(newurl, NULL, 0, FALSE)) {
1204    /* If this is not redirect due to a 401 or 407 response and an absolute
1205       URL: do not allow a custom port number */
1206    disallowport = TRUE;
1207  }
1208
1209  DEBUGASSERT(data->state.uh);
1210  uc = curl_url_set(data->state.uh, CURLUPART_URL, newurl, (unsigned int)
1211                    ((type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME :
1212                     ((type == FOLLOW_REDIR) ? CURLU_URLENCODE : 0) |
1213                     CURLU_ALLOW_SPACE |
1214                     (data->set.path_as_is ? CURLU_PATH_AS_IS : 0)));
1215  if(uc) {
1216    if((uc == CURLUE_OUT_OF_MEMORY) || (type != FOLLOW_FAKE)) {
1217      failf(data, "The redirect target URL could not be parsed: %s",
1218            curl_url_strerror(uc));
1219      return Curl_uc_to_curlcode(uc);
1220    }
1221
1222    /* the URL could not be parsed for some reason, but since this is FAKE
1223       mode, duplicate the field as-is */
1224    follow_url = curlx_strdup(newurl);
1225    if(!follow_url)
1226      return CURLE_OUT_OF_MEMORY;
1227  }
1228  else {
1229    CURLU *u = curl_url();
1230    if(!u)
1231      return CURLE_OUT_OF_MEMORY;
1232    uc = curl_url_set(u, CURLUPART_URL,
1233                      Curl_bufref_ptr(&data->state.url),
1234                      CURLU_URLENCODE | CURLU_ALLOW_SPACE);
1235    if(!uc)
1236      uc = curl_url_get(data->state.uh, CURLUPART_URL, &follow_url, 0);
1237    if(uc) {
1238      curl_url_cleanup(u);
1239      return Curl_uc_to_curlcode(uc);
1240    }
1241
1242#ifndef CURL_DISABLE_DIGEST_AUTH
1243    {
1244      bool same_origin = Curl_url_same_origin(u, data->state.uh);
1245      curl_url_cleanup(u);
1246      if(!same_origin)
1247        Curl_auth_digest_cleanup(&data->state.digest);
1248    }
1249#else
1250    curl_url_cleanup(u);
1251#endif
1252  }
1253  DEBUGASSERT(follow_url);
1254
1255  if(type == FOLLOW_FAKE) {
1256    /* we are only figuring out the new URL if we would have followed locations
1257       but now we are done so we can get out! */
1258    data->info.wouldredirect = follow_url;
1259
1260    if(reachedmax) {
1261      failf(data, "Maximum (%d) redirects followed", data->set.maxredirs);
1262      return CURLE_TOO_MANY_REDIRECTS;
1263    }
1264    return CURLE_OK;
1265  }
1266
1267  if(disallowport)
1268    data->state.allow_port = FALSE;
1269
1270  Curl_bufref_set(&data->state.url, follow_url, 0, curl_free);
1271  rewind_result = Curl_req_soft_reset(&data->req, data);
1272  infof(data, "Issue another request to this URL: '%s'", follow_url);
1273  if((data->set.http_follow_mode == CURLFOLLOW_FIRSTONLY) &&
1274     data->set.str[STRING_CUSTOMREQUEST] &&
1275     !data->state.http_ignorecustom) {
1276    data->state.http_ignorecustom = TRUE;
1277    infof(data, "Drop custom request method for next request");
1278  }
1279
1280  /*
1281   * We get here when the HTTP code is 300-399 (and 401). We need to perform
1282   * differently based on exactly what return code there was.
1283   *
1284   * News from 7.10.6: we can also get here on a 401 or 407, in case we act on
1285   * an HTTP (proxy-) authentication scheme other than Basic.
1286   */
1287  switch(data->info.httpcode) {
1288    /* 401 - Act on a WWW-Authenticate, we keep on moving and do the
1289       Authorization: XXXX header in the HTTP request code snippet */
1290    /* 407 - Act on a Proxy-Authenticate, we keep on moving and do the
1291       Proxy-Authorization: XXXX header in the HTTP request code snippet */
1292    /* 300 - Multiple Choices */
1293    /* 306 - Not used */
1294    /* 307 - Temporary Redirect */
1295  default: /* for all above (and the unknown ones) */
1296    /* Some codes are explicitly mentioned since I have checked RFC2616 and
1297     * they seem to be OK to POST to.
1298     */
1299    break;
1300  case 301: /* Moved Permanently */
1301    /* (quote from RFC7231, section 6.4.2)
1302     *
1303     * Note: For historical reasons, a user agent MAY change the request
1304     * method from POST to GET for the subsequent request. If this
1305     * behavior is undesired, the 307 (Temporary Redirect) status code
1306     * can be used instead.
1307     *
1308     * ----
1309     *
1310     * Many webservers expect this, so these servers often answers to a POST
1311     * request with an error page. To be sure that libcurl gets the page that
1312     * most user agents would get, libcurl has to force GET.
1313     *
1314     * This behavior is forbidden by RFC1945 and the obsolete RFC2616, and
1315     * can be overridden with CURLOPT_POSTREDIR.
1316     */
1317    if(HTTPREQ_IS_POST(data) && !data->set.post301) {
1318      http_switch_to_get(data, 301);
1319      switch_to_get = TRUE;
1320    }
1321    break;
1322  case 302: /* Found */
1323    /* (quote from RFC7231, section 6.4.3)
1324     *
1325     * Note: For historical reasons, a user agent MAY change the request
1326     * method from POST to GET for the subsequent request. If this
1327     * behavior is undesired, the 307 (Temporary Redirect) status code
1328     * can be used instead.
1329     *
1330     * ----
1331     *
1332     * Many webservers expect this, so these servers often answers to a POST
1333     * request with an error page. To be sure that libcurl gets the page that
1334     * most user agents would get, libcurl has to force GET.
1335     *
1336     * This behavior is forbidden by RFC1945 and the obsolete RFC2616, and
1337     * can be overridden with CURLOPT_POSTREDIR.
1338     */
1339    if(HTTPREQ_IS_POST(data) && !data->set.post302) {
1340      http_switch_to_get(data, 302);
1341      switch_to_get = TRUE;
1342    }
1343    break;
1344
1345  case 303: /* See Other */
1346    /* 'See Other' location is not the resource but a substitute for the
1347     * resource. In this case we switch the method to GET/HEAD, unless the
1348     * method is POST and the user specified to keep it as POST.
1349     */
1350    if(!HTTPREQ_IS_POST(data) || !data->set.post303) {
1351      http_switch_to_get(data, 303);
1352      switch_to_get = TRUE;
1353    }
1354    break;
1355  case 304: /* Not Modified */
1356    /* 304 means we did a conditional request and it was "Not modified".
1357     * We should not get any Location: header in this response!
1358     */
1359    break;
1360  case 305: /* Use Proxy */
1361    /* (quote from RFC2616, section 10.3.6):
1362     * "The requested resource MUST be accessed through the proxy given
1363     * by the Location field. The Location field gives the URI of the
1364     * proxy. The recipient is expected to repeat this single request
1365     * via the proxy. 305 responses MUST only be generated by origin
1366     * servers."
1367     */
1368    break;
1369  }
1370
1371  /* When rewind of upload data failed and we are not switching to GET,
1372   * we need to fail the follow, as we cannot send the data again. */
1373  if(rewind_result && !switch_to_get)
1374    return rewind_result;
1375
1376  Curl_pgrsTime(data, TIMER_REDIRECT);
1377  Curl_pgrsResetTransferSizes(data);
1378
1379  return CURLE_OK;
1380}
1381
1382/*
1383 * Curl_compareheader()
1384 *
1385 * Returns TRUE if 'headerline' contains the 'header' with given 'content'
1386 * (within a comma-separated list of tokens). Pass 'header' WITH the colon.
1387 *
1388 * @unittest: 1625
1389 */
1390bool Curl_compareheader(const char *headerline, /* line to check */
1391                        const char *header, /* header keyword _with_ colon */
1392                        const size_t hlen, /* len of the keyword in bytes */
1393                        const char *content, /* content string to find */
1394                        const size_t clen) /* len of the content in bytes */
1395{
1396  /* RFC2616, section 4.2 says: "Each header field consists of a name followed
1397   * by a colon (":") and the field value. Field names are case-insensitive.
1398   * The field value MAY be preceded by any amount of LWS, though a single SP
1399   * is preferred." */
1400
1401  const char *p;
1402  struct Curl_str val;
1403  DEBUGASSERT(hlen);
1404  DEBUGASSERT(clen);
1405  DEBUGASSERT(header);
1406  DEBUGASSERT(content);
1407
1408  if(!curl_strnequal(headerline, header, hlen))
1409    return FALSE; /* does not start with header */
1410
1411  /* pass the header */
1412  p = &headerline[hlen];
1413
1414  if(curlx_str_untilnl(&p, &val, MAX_HTTP_RESP_HEADER_SIZE))
1415    return FALSE;
1416  curlx_str_trimblanks(&val);
1417
1418  /* find the content string in the rest of the line */
1419  if(curlx_strlen(&val) >= clen) {
1420    size_t len;
1421    p = curlx_str(&val);
1422    for(len = curlx_strlen(&val); len >= clen;) {
1423      struct Curl_str next;
1424      const char *o = p;
1425      /* after a match there must be a comma, space, newline or null byte */
1426      if(curl_strnequal(p, content, clen) &&
1427         ((p[clen] == ',') || ISBLANK(p[clen]) || ISNEWLINE(p[clen]) ||
1428          !p[clen]))
1429        return TRUE; /* match! */
1430      /* advance to the next comma */
1431      if(curlx_str_until(&p, &next, MAX_HTTP_RESP_HEADER_SIZE, ',') ||
1432         curlx_str_single(&p, ','))
1433        break; /* no comma, get out */
1434
1435      /* if there are more dummy commas, move over them as well */
1436      do
1437        curlx_str_passblanks(&p);
1438      while(!curlx_str_single(&p, ','));
1439      len -= (p - o);
1440    }
1441  }
1442  return FALSE; /* no match */
1443}
1444
1445struct cr_exp100_ctx {
1446  struct Curl_creader super;
1447  struct curltime start; /* time started waiting */
1448  enum expect100 state;
1449};
1450
1451/* Expect: 100-continue client reader, blocking uploads */
1452
1453static void http_exp100_continue(struct Curl_easy *data,
1454                                 struct Curl_creader *reader)
1455{
1456  struct cr_exp100_ctx *ctx = reader->ctx;
1457  if(ctx->state > EXP100_SEND_DATA) {
1458    ctx->state = EXP100_SEND_DATA;
1459    Curl_expire_done(data, EXPIRE_100_TIMEOUT);
1460  }
1461}
1462
1463static CURLcode cr_exp100_read(struct Curl_easy *data,
1464                               struct Curl_creader *reader,
1465                               char *buf, size_t blen,
1466                               size_t *nread, bool *eos)
1467{
1468  struct cr_exp100_ctx *ctx = reader->ctx;
1469  timediff_t ms;
1470
1471  switch(ctx->state) {
1472  case EXP100_SENDING_REQUEST:
1473    if(!Curl_req_sendbuf_empty(data)) {
1474      /* The initial request data has not been fully sent yet. Do
1475       * not start the timer yet. */
1476      DEBUGF(infof(data, "cr_exp100_read, request not full sent yet"));
1477      *nread = 0;
1478      *eos = FALSE;
1479      return CURLE_OK;
1480    }
1481    /* We are now waiting for a reply from the server or
1482     * a timeout on our side IFF the request has been fully sent. */
1483    DEBUGF(infof(data, "cr_exp100_read, start AWAITING_CONTINUE, "
1484                 "timeout %dms", data->set.expect_100_timeout));
1485    ctx->state = EXP100_AWAITING_CONTINUE;
1486    ctx->start = *Curl_pgrs_now(data);
1487    Curl_expire(data, data->set.expect_100_timeout, EXPIRE_100_TIMEOUT);
1488    *nread = 0;
1489    *eos = FALSE;
1490    return CURLE_OK;
1491  case EXP100_FAILED:
1492    DEBUGF(infof(data, "cr_exp100_read, expectation failed, error"));
1493    *nread = 0;
1494    *eos = FALSE;
1495    return CURLE_READ_ERROR;
1496  case EXP100_AWAITING_CONTINUE:
1497    ms = curlx_ptimediff_ms(Curl_pgrs_now(data), &ctx->start);
1498    if(ms < data->set.expect_100_timeout) {
1499      DEBUGF(infof(data, "cr_exp100_read, AWAITING_CONTINUE, not expired"));
1500      *nread = 0;
1501      *eos = FALSE;
1502      return CURLE_OK;
1503    }
1504    /* we have waited long enough, continue anyway */
1505    http_exp100_continue(data, reader);
1506    infof(data, "Done waiting for 100-continue");
1507    FALLTHROUGH();
1508  default:
1509    DEBUGF(infof(data, "cr_exp100_read, pass through"));
1510    return Curl_creader_read(data, reader->next, buf, blen, nread, eos);
1511  }
1512}
1513
1514static void cr_exp100_done(struct Curl_easy *data,
1515                           struct Curl_creader *reader, int premature)
1516{
1517  struct cr_exp100_ctx *ctx = reader->ctx;
1518  ctx->state = premature ? EXP100_FAILED : EXP100_SEND_DATA;
1519  Curl_expire_done(data, EXPIRE_100_TIMEOUT);
1520}
1521
1522static const struct Curl_crtype cr_exp100 = {
1523  "cr-exp100",
1524  Curl_creader_def_init,
1525  cr_exp100_read,
1526  Curl_creader_def_close,
1527  Curl_creader_def_needs_rewind,
1528  Curl_creader_def_total_length,
1529  Curl_creader_def_resume_from,
1530  Curl_creader_def_cntrl,
1531  Curl_creader_def_is_paused,
1532  cr_exp100_done,
1533  sizeof(struct cr_exp100_ctx)
1534};
1535
1536static CURLcode http_exp100_add_reader(struct Curl_easy *data)
1537{
1538  struct Curl_creader *reader = NULL;
1539  CURLcode result;
1540
1541  result = Curl_creader_create(&reader, data, &cr_exp100, CURL_CR_PROTOCOL);
1542  if(!result)
1543    result = Curl_creader_add(data, reader);
1544  if(!result) {
1545    struct cr_exp100_ctx *ctx = reader->ctx;
1546    ctx->state = EXP100_SENDING_REQUEST;
1547  }
1548
1549  if(result && reader)
1550    Curl_creader_free(data, reader);
1551  return result;
1552}
1553
1554static void http_exp100_got100(struct Curl_easy *data)
1555{
1556  struct Curl_creader *r = Curl_creader_get_by_type(data, &cr_exp100);
1557  if(r)
1558    http_exp100_continue(data, r);
1559}
1560
1561static bool http_exp100_is_waiting(struct Curl_easy *data)
1562{
1563  struct Curl_creader *r = Curl_creader_get_by_type(data, &cr_exp100);
1564  if(r) {
1565    struct cr_exp100_ctx *ctx = r->ctx;
1566    return ctx->state == EXP100_AWAITING_CONTINUE;
1567  }
1568  return FALSE;
1569}
1570
1571static void http_exp100_send_anyway(struct Curl_easy *data)
1572{
1573  struct Curl_creader *r = Curl_creader_get_by_type(data, &cr_exp100);
1574  if(r)
1575    http_exp100_continue(data, r);
1576}
1577
1578static bool http_exp100_is_selected(struct Curl_easy *data)
1579{
1580  struct Curl_creader *r = Curl_creader_get_by_type(data, &cr_exp100);
1581  return !!r;
1582}
1583
1584/* this returns the socket to wait for in the DO and DOING state for the multi
1585   interface and then we are always _sending_ a request and thus we wait for
1586   the single socket to become writable only */
1587CURLcode Curl_http_doing_pollset(struct Curl_easy *data,
1588                                 struct easy_pollset *ps)
1589{
1590  /* write mode */
1591  return Curl_pollset_add_out(data, ps, data->conn->sock[FIRSTSOCKET]);
1592}
1593
1594CURLcode Curl_http_perform_pollset(struct Curl_easy *data,
1595                                   struct easy_pollset *ps)
1596{
1597  struct connectdata *conn = data->conn;
1598  CURLcode result = CURLE_OK;
1599
1600  if(CURL_REQ_WANT_RECV(data)) {
1601    result = Curl_pollset_add_in(data, ps, conn->sock[FIRSTSOCKET]);
1602  }
1603
1604  /* on a "Expect: 100-continue" timed wait, do not poll for outgoing */
1605  if(!result && Curl_req_want_send(data) && !http_exp100_is_waiting(data)) {
1606    result = Curl_pollset_add_out(data, ps, conn->sock[FIRSTSOCKET]);
1607  }
1608  return result;
1609}
1610
1611static CURLcode http_write_header(struct Curl_easy *data,
1612                                  const char *hd, size_t hdlen)
1613{
1614  CURLcode result;
1615  int writetype;
1616
1617  /* now, only output this if the header AND body are requested:
1618   */
1619  Curl_debug(data, CURLINFO_HEADER_IN, hd, hdlen);
1620
1621  writetype = CLIENTWRITE_HEADER |
1622    ((data->req.httpcode / 100 == 1) ? CLIENTWRITE_1XX : 0);
1623
1624  result = Curl_client_write(data, writetype, hd, hdlen);
1625  if(result)
1626    return result;
1627
1628  result = Curl_bump_headersize(data, hdlen, FALSE);
1629  if(result)
1630    return result;
1631
1632  data->req.deductheadercount = (100 <= data->req.httpcode &&
1633                                 199 >= data->req.httpcode) ?
1634    data->req.headerbytecount : 0;
1635  return result;
1636}
1637
1638/*
1639 * Curl_http_done() gets called after a single HTTP request has been
1640 * performed.
1641 */
1642
1643CURLcode Curl_http_done(struct Curl_easy *data,
1644                        CURLcode status, bool premature)
1645{
1646  struct connectdata *conn = data->conn;
1647
1648  /* Clear multipass flag. If authentication is not done yet, then it will get
1649   * a chance to be set back to true when we output the next auth header */
1650  data->state.authhost.multipass = FALSE;
1651  data->state.authproxy.multipass = FALSE;
1652
1653  if(curlx_dyn_len(&data->state.headerb)) {
1654    (void)http_write_header(data, curlx_dyn_ptr(&data->state.headerb),
1655                            curlx_dyn_len(&data->state.headerb));
1656  }
1657  curlx_dyn_reset(&data->state.headerb);
1658
1659  if(status)
1660    return status;
1661
1662  if(!premature && /* this check is pointless when DONE is called before the
1663                      entire operation is complete */
1664     !conn->bits.retry &&
1665     !data->set.connect_only &&
1666     (data->req.bytecount +
1667      data->req.headerbytecount -
1668      data->req.deductheadercount) <= 0) {
1669    /* If this connection is not closed to be retried, AND nothing was
1670       read from the HTTP server (that counts), this cannot be right so we
1671       return an error here */
1672    failf(data, "Empty reply from server");
1673    /* Mark it as closed to avoid the "left intact" message */
1674    streamclose(conn, "Empty reply from server");
1675    return CURLE_GOT_NOTHING;
1676  }
1677
1678  return CURLE_OK;
1679}
1680
1681/* Determine if we may use HTTP 1.1 for this request. */
1682static bool http_may_use_1_1(const struct Curl_easy *data)
1683{
1684  const struct connectdata *conn = data->conn;
1685  /* We have seen a previous response for *this* transfer with 1.0,
1686   * on another connection or the same one. */
1687  if(data->state.http_neg.rcvd_min == 10)
1688    return FALSE;
1689  /* We have seen a previous response on *this* connection with 1.0. */
1690  if(conn && conn->httpversion_seen == 10)
1691    return FALSE;
1692  /* We want 1.0 and have seen no previous response on *this* connection
1693     with a higher version (maybe no response at all yet). */
1694  if((data->state.http_neg.only_10) &&
1695     (!conn || conn->httpversion_seen <= 10))
1696    return FALSE;
1697  /* We are not restricted to use 1.0 only. */
1698  return !data->state.http_neg.only_10;
1699}
1700
1701static unsigned char http_request_version(struct Curl_easy *data)
1702{
1703  unsigned char v = Curl_conn_http_version(data, data->conn);
1704  if(!v) {
1705    /* No specific HTTP connection filter installed. */
1706    v = http_may_use_1_1(data) ? 11 : 10;
1707  }
1708  return v;
1709}
1710
1711static const char *get_http_string(int httpversion)
1712{
1713  switch(httpversion) {
1714  case 30:
1715    return "3";
1716  case 20:
1717    return "2";
1718  case 11:
1719    return "1.1";
1720  default:
1721    return "1.0";
1722  }
1723}
1724
1725CURLcode Curl_add_custom_headers(struct Curl_easy *data,
1726                                 bool is_connect, int httpversion,
1727                                 struct dynbuf *req)
1728{
1729  struct curl_slist *h[2];
1730  struct curl_slist *headers;
1731  int numlists = 1; /* by default */
1732  int i;
1733
1734#ifndef CURL_DISABLE_PROXY
1735  enum Curl_proxy_use proxy;
1736
1737  if(is_connect)
1738    proxy = HEADER_CONNECT;
1739  else
1740    proxy = data->conn->bits.httpproxy && !data->conn->bits.tunnel_proxy ?
1741      HEADER_PROXY : HEADER_SERVER;
1742
1743  switch(proxy) {
1744  case HEADER_SERVER:
1745    h[0] = data->set.headers;
1746    break;
1747  case HEADER_PROXY:
1748    h[0] = data->set.headers;
1749    if(data->set.sep_headers) {
1750      h[1] = data->set.proxyheaders;
1751      numlists++;
1752    }
1753    break;
1754  case HEADER_CONNECT:
1755    if(data->set.sep_headers)
1756      h[0] = data->set.proxyheaders;
1757    else
1758      h[0] = data->set.headers;
1759    break;
1760  }
1761#else
1762  (void)is_connect;
1763  h[0] = data->set.headers;
1764#endif
1765
1766  /* loop through one or two lists */
1767  for(i = 0; i < numlists; i++) {
1768    for(headers = h[i]; headers; headers = headers->next) {
1769      CURLcode result = CURLE_OK;
1770      bool blankheader = FALSE;
1771      struct Curl_str name;
1772      const char *p = headers->data;
1773      const char *origp = p;
1774
1775      /* explicitly asked to send header without content is done by a header
1776         that ends with a semicolon, but there must be no colon present in the
1777         name */
1778      if(!curlx_str_until(&p, &name, MAX_HTTP_RESP_HEADER_SIZE, ';') &&
1779         !curlx_str_single(&p, ';') &&
1780         !curlx_str_single(&p, '\0') &&
1781         !memchr(curlx_str(&name), ':', curlx_strlen(&name)))
1782        blankheader = TRUE;
1783      else {
1784        p = origp;
1785        if(!curlx_str_until(&p, &name, MAX_HTTP_RESP_HEADER_SIZE, ':') &&
1786           !curlx_str_single(&p, ':')) {
1787          struct Curl_str val;
1788          curlx_str_untilnl(&p, &val, MAX_HTTP_RESP_HEADER_SIZE);
1789          curlx_str_trimblanks(&val);
1790          if(!curlx_strlen(&val))
1791            /* no content, do not send this */
1792            continue;
1793        }
1794        else
1795          /* no colon */
1796          continue;
1797      }
1798
1799      /* only send this if the contents was non-blank or done special */
1800
1801      if(data->state.aptr.host &&
1802         /* a Host: header was sent already, do not pass on any custom
1803            Host: header as that will produce *two* in the same
1804            request! */
1805         curlx_str_casecompare(&name, "Host"))
1806        ;
1807      else if(data->state.httpreq == HTTPREQ_POST_FORM &&
1808              /* this header (extended by formdata.c) is sent later */
1809              curlx_str_casecompare(&name, "Content-Type"))
1810        ;
1811      else if(data->state.httpreq == HTTPREQ_POST_MIME &&
1812              /* this header is sent later */
1813              curlx_str_casecompare(&name, "Content-Type"))
1814        ;
1815      else if(data->req.authneg &&
1816              /* while doing auth neg, do not allow the custom length since
1817                 we will force length zero then */
1818              curlx_str_casecompare(&name, "Content-Length"))
1819        ;
1820      else if(curlx_str_casecompare(&name, "Connection"))
1821        /* Connection headers are handled specially */
1822        ;
1823      else if((httpversion >= 20) &&
1824              curlx_str_casecompare(&name, "Transfer-Encoding"))
1825        /* HTTP/2 does not support chunked requests */
1826        ;
1827      else if((curlx_str_casecompare(&name, "Authorization") ||
1828               curlx_str_casecompare(&name, "Cookie")) &&
1829              /* be careful of sending this potentially sensitive header to
1830                 other hosts */
1831              !Curl_auth_allowed_to_host(data))
1832        ;
1833      else if(blankheader)
1834        result = curlx_dyn_addf(req, "%.*s:\r\n", (int)curlx_strlen(&name),
1835                                curlx_str(&name));
1836      else
1837        result = curlx_dyn_addf(req, "%s\r\n", origp);
1838
1839      if(result)
1840        return result;
1841    }
1842  }
1843
1844  return CURLE_OK;
1845}
1846
1847#ifndef CURL_DISABLE_PARSEDATE
1848CURLcode Curl_add_timecondition(struct Curl_easy *data,
1849                                struct dynbuf *req)
1850{
1851  const struct tm *tm;
1852  struct tm keeptime;
1853  CURLcode result;
1854  char datestr[80];
1855  const char *condp;
1856  size_t len;
1857
1858  if(data->set.timecondition == CURL_TIMECOND_NONE)
1859    /* no condition was asked for */
1860    return CURLE_OK;
1861
1862  result = curlx_gmtime(data->set.timevalue, &keeptime);
1863  if(result) {
1864    failf(data, "Invalid TIMEVALUE");
1865    return result;
1866  }
1867  tm = &keeptime;
1868
1869  switch(data->set.timecondition) {
1870  default:
1871    DEBUGF(infof(data, "invalid time condition"));
1872    return CURLE_BAD_FUNCTION_ARGUMENT;
1873
1874  case CURL_TIMECOND_IFMODSINCE:
1875    condp = "If-Modified-Since";
1876    len = 17;
1877    break;
1878  case CURL_TIMECOND_IFUNMODSINCE:
1879    condp = "If-Unmodified-Since";
1880    len = 19;
1881    break;
1882  case CURL_TIMECOND_LASTMOD:
1883    condp = "Last-Modified";
1884    len = 13;
1885    break;
1886  }
1887
1888  if(Curl_checkheaders(data, condp, len)) {
1889    /* A custom header was specified; it will be sent instead. */
1890    return CURLE_OK;
1891  }
1892
1893  /* The If-Modified-Since header family should have their times set in
1894   * GMT as RFC2616 defines: "All HTTP date/time stamps MUST be
1895   * represented in Greenwich Mean Time (GMT), without exception. For the
1896   * purposes of HTTP, GMT is exactly equal to UTC (Coordinated Universal
1897   * Time)." (see page 20 of RFC2616).
1898   */
1899
1900  /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
1901  curl_msnprintf(datestr, sizeof(datestr),
1902                 "%s: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
1903                 condp,
1904                 Curl_wkday[tm->tm_wday ? tm->tm_wday - 1 : 6],
1905                 tm->tm_mday,
1906                 Curl_month[tm->tm_mon],
1907                 tm->tm_year + 1900,
1908                 tm->tm_hour,
1909                 tm->tm_min,
1910                 tm->tm_sec);
1911
1912  result = curlx_dyn_add(req, datestr);
1913  return result;
1914}
1915#else
1916/* disabled */
1917CURLcode Curl_add_timecondition(struct Curl_easy *data,
1918                                struct dynbuf *req)
1919{
1920  (void)data;
1921  (void)req;
1922  return CURLE_OK;
1923}
1924#endif
1925
1926void Curl_http_method(struct Curl_easy *data,
1927                      const char **method, Curl_HttpReq *reqp)
1928{
1929  Curl_HttpReq httpreq = (Curl_HttpReq)data->state.httpreq;
1930  const char *request;
1931#ifndef CURL_DISABLE_WEBSOCKETS
1932  if(data->conn->scheme->protocol & (CURLPROTO_WS | CURLPROTO_WSS))
1933    httpreq = HTTPREQ_GET;
1934  else
1935#endif
1936  if((data->conn->scheme->protocol & (PROTO_FAMILY_HTTP | CURLPROTO_FTP)) &&
1937     data->state.upload)
1938    httpreq = HTTPREQ_PUT;
1939
1940  /* Now set the 'request' pointer to the proper request string */
1941  if(data->set.str[STRING_CUSTOMREQUEST] &&
1942     !data->state.http_ignorecustom) {
1943    request = data->set.str[STRING_CUSTOMREQUEST];
1944  }
1945  else {
1946    if(data->req.no_body)
1947      request = "HEAD";
1948    else {
1949      DEBUGASSERT((httpreq >= HTTPREQ_GET) && (httpreq <= HTTPREQ_HEAD));
1950      switch(httpreq) {
1951      case HTTPREQ_POST:
1952      case HTTPREQ_POST_FORM:
1953      case HTTPREQ_POST_MIME:
1954        request = "POST";
1955        break;
1956      case HTTPREQ_PUT:
1957        request = "PUT";
1958        break;
1959      default: /* this should never happen */
1960      case HTTPREQ_GET:
1961        request = "GET";
1962        break;
1963      case HTTPREQ_HEAD:
1964        request = "HEAD";
1965        break;
1966      }
1967    }
1968  }
1969  *method = request;
1970  *reqp = httpreq;
1971}
1972
1973static CURLcode http_useragent(struct Curl_easy *data)
1974{
1975  /* The User-Agent string might have been allocated already, because
1976     it might have been used in the proxy connect, but if we have got a header
1977     with the user-agent string specified, we erase the previously made string
1978     here. */
1979  if(Curl_checkheaders(data, STRCONST("User-Agent"))) {
1980    curlx_free(data->state.aptr.uagent);
1981    data->state.aptr.uagent = NULL;
1982  }
1983  return CURLE_OK;
1984}
1985
1986static CURLcode http_set_aptr_host(struct Curl_easy *data)
1987{
1988  struct connectdata *conn = data->conn;
1989  struct dynamically_allocated_data *aptr = &data->state.aptr;
1990  const char *ptr;
1991
1992  curlx_safefree(aptr->host);
1993#ifndef CURL_DISABLE_COOKIES
1994  curlx_safefree(data->req.cookiehost);
1995#endif
1996
1997  ptr = Curl_checkheaders(data, STRCONST("Host"));
1998  if(ptr && (!data->state.this_is_a_follow ||
1999             Curl_peer_equal(data->state.initial_origin, conn->origin))) {
2000#ifndef CURL_DISABLE_COOKIES
2001    /* If we have a given custom Host: header, we extract the hostname in
2002       order to possibly use it for cookie reasons later on. We only allow the
2003       custom Host: header if this is NOT a redirect, as setting Host: in the
2004       redirected request is being out on thin ice. Except if the hostname
2005       is the same as the first one! */
2006    char *cookiehost;
2007    CURLcode result = copy_custom_value(ptr, &cookiehost);
2008    if(result)
2009      return result;
2010    if(!*cookiehost)
2011      /* ignore empty data */
2012      curlx_free(cookiehost);
2013    else {
2014      /* If the host begins with '[', we start searching for the port after
2015         the bracket has been closed */
2016      if(*cookiehost == '[') {
2017        char *closingbracket;
2018        /* since the 'cookiehost' is an allocated memory area that will be
2019           freed later we cannot increment the pointer */
2020        memmove(cookiehost, cookiehost + 1, strlen(cookiehost) - 1);
2021        closingbracket = strchr(cookiehost, ']');
2022        if(closingbracket)
2023          *closingbracket = 0;
2024      }
2025      else {
2026        int startsearch = 0;
2027        char *colon = strchr(cookiehost + startsearch, ':');
2028        if(colon)
2029          *colon = 0; /* The host must not include an embedded port number */
2030      }
2031      data->req.cookiehost = cookiehost;
2032    }
2033#endif
2034
2035    if(!curl_strequal("Host:", ptr)) {
2036      aptr->host = curl_maprintf("Host:%s\r\n", &ptr[5]);
2037      if(!aptr->host)
2038        return CURLE_OUT_OF_MEMORY;
2039    }
2040  }
2041  else {
2042    /* Use the hostname as present in the URL if it was IPv6. */
2043    char *host = (conn->origin->user_hostname[0] == '[') ?
2044       conn->origin->user_hostname : conn->origin->hostname;
2045
2046    if(((conn->given->protocol & (CURLPROTO_HTTPS | CURLPROTO_WSS)) &&
2047        (conn->origin->port == PORT_HTTPS)) ||
2048       ((conn->given->protocol & (CURLPROTO_HTTP | CURLPROTO_WS)) &&
2049        (conn->origin->port == PORT_HTTP)))
2050      /* if(HTTPS on port 443) OR (HTTP on port 80) then do not include
2051         the port number in the host string */
2052      aptr->host = curl_maprintf("Host: %s\r\n", host);
2053    else
2054      aptr->host = curl_maprintf("Host: %s:%d\r\n", host, conn->origin->port);
2055
2056    if(!aptr->host)
2057      /* without Host: we cannot make a nice request */
2058      return CURLE_OUT_OF_MEMORY;
2059  }
2060  return CURLE_OK;
2061}
2062
2063/*
2064 * Append the request-target to the HTTP request
2065 */
2066static CURLcode http_target(struct Curl_easy *data,
2067                            struct dynbuf *r)
2068{
2069  CURLcode result = CURLE_OK;
2070  const char *path = data->state.up.path;
2071  const char *query = data->state.up.query;
2072#ifndef CURL_DISABLE_PROXY
2073  struct connectdata *conn = data->conn;
2074#endif
2075
2076  if(data->set.str[STRING_TARGET]) {
2077    path = data->set.str[STRING_TARGET];
2078    query = NULL;
2079  }
2080
2081#ifndef CURL_DISABLE_PROXY
2082  if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) {
2083    /* Using a proxy but does not tunnel through it */
2084
2085    /* The path sent to the proxy is in fact the entire URL, but if the remote
2086       host is a IDN-name, we must make sure that the request we produce only
2087       uses the encoded hostname! */
2088
2089    /* and no fragment part */
2090    CURLUcode uc;
2091    char *url;
2092    CURLU *h = curl_url_dup(data->state.uh);
2093    if(!h)
2094      return CURLE_OUT_OF_MEMORY;
2095
2096    if(conn->origin->user_hostname != conn->origin->hostname) {
2097      uc = curl_url_set(h, CURLUPART_HOST, conn->origin->hostname, 0);
2098      if(uc) {
2099        curl_url_cleanup(h);
2100        return CURLE_OUT_OF_MEMORY;
2101      }
2102    }
2103    uc = curl_url_set(h, CURLUPART_FRAGMENT, NULL, 0);
2104    if(uc) {
2105      curl_url_cleanup(h);
2106      return CURLE_OUT_OF_MEMORY;
2107    }
2108
2109    if(curl_strequal("http", data->state.up.scheme)) {
2110      /* when getting HTTP, we do not want the userinfo the URL */
2111      uc = curl_url_set(h, CURLUPART_USER, NULL, 0);
2112      if(uc) {
2113        curl_url_cleanup(h);
2114        return CURLE_OUT_OF_MEMORY;
2115      }
2116      uc = curl_url_set(h, CURLUPART_PASSWORD, NULL, 0);
2117      if(uc) {
2118        curl_url_cleanup(h);
2119        return CURLE_OUT_OF_MEMORY;
2120      }
2121    }
2122    else if(data->state.creds && (data->state.creds->source != CREDS_URL)) {
2123        /* credentials not from the URL need to be set */
2124      uc = curl_url_set(h, CURLUPART_USER,
2125                        data->state.creds->user, CURLU_URLENCODE);
2126      if(!uc)
2127        uc = curl_url_set(h, CURLUPART_PASSWORD,
2128                          data->state.creds->passwd, CURLU_URLENCODE);
2129      if(uc) {
2130        curl_url_cleanup(h);
2131        return Curl_uc_to_curlcode(uc);
2132      }
2133    }
2134
2135    /* Extract the URL to use in the request. */
2136    uc = curl_url_get(h, CURLUPART_URL, &url, CURLU_NO_DEFAULT_PORT);
2137    if(uc) {
2138      curl_url_cleanup(h);
2139      return CURLE_OUT_OF_MEMORY;
2140    }
2141
2142    curl_url_cleanup(h);
2143
2144    /* target or URL */
2145    result = curlx_dyn_add(r, data->set.str[STRING_TARGET] ?
2146      data->set.str[STRING_TARGET] : url);
2147    curlx_free(url);
2148    if(result)
2149      return result;
2150
2151    if(curl_strequal("ftp", data->state.up.scheme) &&
2152       data->set.proxy_transfer_mode) {
2153      /* when doing ftp, append ;type=<a|i> if not present */
2154      size_t len = strlen(path);
2155      bool type_present = FALSE;
2156      if((len >= 7) && !memcmp(&path[len - 7], ";type=", 6)) {
2157        switch(Curl_raw_toupper(path[len - 1])) {
2158        case 'A':
2159        case 'D':
2160        case 'I':
2161          type_present = TRUE;
2162          break;
2163        }
2164      }
2165      if(!type_present) {
2166        result = curlx_dyn_addf(r, ";type=%c",
2167                                data->state.prefer_ascii ? 'a' : 'i');
2168        if(result)
2169          return result;
2170      }
2171    }
2172  }
2173
2174  else
2175#endif
2176  {
2177    result = curlx_dyn_add(r, path);
2178    if(result)
2179      return result;
2180    if(query)
2181      result = curlx_dyn_addf(r, "?%s", query);
2182  }
2183
2184  return result;
2185}
2186
2187#if !defined(CURL_DISABLE_MIME) || !defined(CURL_DISABLE_FORM_API)
2188static CURLcode set_post_reader(struct Curl_easy *data, Curl_HttpReq httpreq)
2189{
2190  CURLcode result;
2191
2192  switch(httpreq) {
2193#ifndef CURL_DISABLE_MIME
2194  case HTTPREQ_POST_MIME:
2195    data->state.mimepost = data->set.mimepostp;
2196    break;
2197#endif
2198#ifndef CURL_DISABLE_FORM_API
2199  case HTTPREQ_POST_FORM:
2200    /* Convert the form structure into a mime structure, then keep
2201       the conversion */
2202    if(!data->state.formp) {
2203      data->state.formp = curlx_calloc(1, sizeof(curl_mimepart));
2204      if(!data->state.formp)
2205        return CURLE_OUT_OF_MEMORY;
2206      Curl_mime_cleanpart(data->state.formp);
2207      result = Curl_getformdata(data, data->state.formp, data->set.httppost,
2208                                data->state.fread_func);
2209      if(result) {
2210        curlx_safefree(data->state.formp);
2211        return result;
2212      }
2213      data->state.mimepost = data->state.formp;
2214    }
2215    break;
2216#endif
2217  default:
2218    data->state.mimepost = NULL;
2219    break;
2220  }
2221
2222  switch(httpreq) {
2223  case HTTPREQ_POST_FORM:
2224  case HTTPREQ_POST_MIME:
2225    /* This is form posting using mime data. */
2226#ifndef CURL_DISABLE_MIME
2227    if(data->state.mimepost) {
2228      const char *cthdr = Curl_checkheaders(data, STRCONST("Content-Type"));
2229
2230      /* Read and seek body only. */
2231      data->state.mimepost->flags |= MIME_BODY_ONLY;
2232
2233      /* Prepare the mime structure headers & set content type. */
2234
2235      if(cthdr)
2236        for(cthdr += 13; *cthdr == ' '; cthdr++)
2237          ;
2238      else if(data->state.mimepost->kind == MIMEKIND_MULTIPART)
2239        cthdr = "multipart/form-data";
2240
2241      curl_mime_headers(data->state.mimepost, data->set.headers, 0);
2242      result = Curl_mime_prepare_headers(data, data->state.mimepost, cthdr,
2243                                         NULL, MIMESTRATEGY_FORM);
2244      if(result)
2245        return result;
2246      curl_mime_headers(data->state.mimepost, NULL, 0);
2247      result = Curl_creader_set_mime(data, data->state.mimepost);
2248      if(result)
2249        return result;
2250    }
2251    else
2252#endif
2253    {
2254      result = Curl_creader_set_null(data);
2255    }
2256    data->state.infilesize = Curl_creader_total_length(data);
2257    return result;
2258
2259  default:
2260    return Curl_creader_set_null(data);
2261  }
2262  /* never reached */
2263}
2264#endif
2265
2266static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq)
2267{
2268  CURLcode result = CURLE_OK;
2269  curl_off_t postsize = data->state.infilesize;
2270
2271  DEBUGASSERT(data->conn);
2272
2273  if(data->req.authneg) {
2274    return Curl_creader_set_null(data);
2275  }
2276
2277  switch(httpreq) {
2278  case HTTPREQ_PUT: /* Let's PUT the data to the server! */
2279    return postsize ? Curl_creader_set_fread(data, postsize) :
2280      Curl_creader_set_null(data);
2281
2282#if !defined(CURL_DISABLE_MIME) || !defined(CURL_DISABLE_FORM_API)
2283  case HTTPREQ_POST_FORM:
2284  case HTTPREQ_POST_MIME:
2285    return set_post_reader(data, httpreq);
2286#endif
2287
2288  case HTTPREQ_POST:
2289    /* this is the simple POST, using x-www-form-urlencoded style */
2290    /* the size of the post body */
2291    if(!postsize) {
2292      result = Curl_creader_set_null(data);
2293    }
2294    else if(data->set.postfields) {
2295      size_t plen = curlx_sotouz_range(postsize, 0, SIZE_MAX);
2296      if(plen == SIZE_MAX)
2297        return CURLE_OUT_OF_MEMORY;
2298      else if(plen)
2299        result = Curl_creader_set_buf(data, data->set.postfields, plen);
2300      else
2301        result = Curl_creader_set_null(data);
2302    }
2303    else {
2304      /* we read the bytes from the callback. In case "chunked" encoding
2305       * is forced by the application, we disregard `postsize`. This is
2306       * a backward compatibility decision to earlier versions where
2307       * chunking disregarded this. See issue #13229. */
2308      bool chunked = FALSE;
2309      char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding"));
2310      if(ptr) {
2311        /* Some kind of TE is requested, check if 'chunked' is chosen */
2312        chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"),
2313                                     STRCONST("chunked"));
2314      }
2315      result = Curl_creader_set_fread(data, chunked ? -1 : postsize);
2316    }
2317    return result;
2318
2319  default:
2320    /* HTTP GET/HEAD download, has no body, needs no Content-Length */
2321    data->state.infilesize = 0;
2322    return Curl_creader_set_null(data);
2323  }
2324  /* not reached */
2325}
2326
2327static CURLcode http_resume(struct Curl_easy *data, Curl_HttpReq httpreq)
2328{
2329  if((HTTPREQ_POST == httpreq || HTTPREQ_PUT == httpreq) &&
2330     data->state.resume_from) {
2331    /**********************************************************************
2332     * Resuming upload in HTTP means that we PUT or POST and that we have
2333     * got a resume_from value set. The resume value has already created
2334     * a Range: header that will be passed along. We need to "fast forward"
2335     * the file the given number of bytes and decrease the assume upload
2336     * file size before we continue this venture in the dark lands of HTTP.
2337     * Resuming mime/form posting at an offset > 0 has no sense and is ignored.
2338     *********************************************************************/
2339
2340    if(data->state.resume_from < 0) {
2341      /*
2342       * This is meant to get the size of the present remote-file by itself.
2343       * We do not support this now. Bail out!
2344       */
2345      data->state.resume_from = 0;
2346    }
2347
2348    if(data->state.resume_from && !data->req.authneg) {
2349      /* only act on the first request */
2350      CURLcode result;
2351      result = Curl_creader_resume_from(data, data->state.resume_from);
2352      if(result) {
2353        failf(data, "Unable to resume from offset %" FMT_OFF_T,
2354              data->state.resume_from);
2355        return result;
2356      }
2357    }
2358  }
2359  return CURLE_OK;
2360}
2361
2362static CURLcode http_req_set_TE(struct Curl_easy *data,
2363                                struct dynbuf *req,
2364                                int httpversion)
2365{
2366  CURLcode result = CURLE_OK;
2367  const char *ptr;
2368
2369  ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding"));
2370  if(ptr) {
2371    /* Some kind of TE is requested, check if 'chunked' is chosen */
2372    data->req.upload_chunky =
2373      Curl_compareheader(ptr,
2374                         STRCONST("Transfer-Encoding:"), STRCONST("chunked"));
2375    if(data->req.upload_chunky && (httpversion >= 20)) {
2376      infof(data, "suppressing chunked transfer encoding on connection "
2377            "using HTTP version 2 or higher");
2378      data->req.upload_chunky = FALSE;
2379    }
2380  }
2381  else {
2382    curl_off_t req_clen = Curl_creader_total_length(data);
2383
2384    if(req_clen < 0) {
2385      /* indeterminate request content length */
2386      if(httpversion > 10) {
2387        /* On HTTP/1.1, enable chunked, on HTTP/2 and later we do not
2388         * need it */
2389        data->req.upload_chunky = (httpversion < 20);
2390      }
2391      else {
2392        failf(data, "Chunky upload is not supported by HTTP 1.0");
2393        return CURLE_UPLOAD_FAILED;
2394      }
2395    }
2396    else {
2397      /* else, no chunky upload */
2398      data->req.upload_chunky = FALSE;
2399    }
2400
2401    if(data->req.upload_chunky)
2402      result = curlx_dyn_add(req, "Transfer-Encoding: chunked\r\n");
2403  }
2404  return result;
2405}
2406
2407static CURLcode addexpect(struct Curl_easy *data, struct dynbuf *r,
2408                          int httpversion, bool *announced_exp100)
2409{
2410  CURLcode result;
2411  char *ptr;
2412
2413  *announced_exp100 = FALSE;
2414  /* Avoid Expect: 100-continue if Upgrade: is used */
2415  if(data->req.upgr101 != UPGR101_NONE)
2416    return CURLE_OK;
2417
2418  /* For really small puts we do not use Expect: headers at all, and for
2419     the somewhat bigger ones we allow the app to disable it. Make
2420     sure that the expect100header is always set to the preferred value
2421     here. */
2422  ptr = Curl_checkheaders(data, STRCONST("Expect"));
2423  if(ptr) {
2424    *announced_exp100 =
2425      Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue"));
2426  }
2427  else if(!data->state.disableexpect && (httpversion == 11)) {
2428    /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an
2429       Expect: 100-continue to the headers which actually speeds up post
2430       operations (as there is one packet coming back from the web server) */
2431    curl_off_t client_len = Curl_creader_client_length(data);
2432    if(client_len > EXPECT_100_THRESHOLD || client_len < 0) {
2433      result = curlx_dyn_addn(r, STRCONST("Expect: 100-continue\r\n"));
2434      if(result)
2435        return result;
2436      *announced_exp100 = TRUE;
2437    }
2438  }
2439  return CURLE_OK;
2440}
2441
2442static CURLcode http_add_content_hds(struct Curl_easy *data,
2443                                     struct dynbuf *r,
2444                                     int httpversion,
2445                                     Curl_HttpReq httpreq)
2446{
2447  CURLcode result = CURLE_OK;
2448  curl_off_t req_clen;
2449  bool announced_exp100 = FALSE;
2450
2451  DEBUGASSERT(data->conn);
2452  if(data->req.upload_chunky) {
2453    result = Curl_httpchunk_add_reader(data);
2454    if(result)
2455      return result;
2456  }
2457
2458  /* Get the request body length that has been set up */
2459  req_clen = Curl_creader_total_length(data);
2460  switch(httpreq) {
2461  case HTTPREQ_PUT:
2462  case HTTPREQ_POST:
2463#if !defined(CURL_DISABLE_MIME) || !defined(CURL_DISABLE_FORM_API)
2464  case HTTPREQ_POST_FORM:
2465  case HTTPREQ_POST_MIME:
2466#endif
2467    /* We only set Content-Length and allow a custom Content-Length if
2468       we do not upload data chunked, as RFC2616 forbids us to set both
2469       kinds of headers (Transfer-Encoding: chunked and Content-Length).
2470       We do not override a custom "Content-Length" header, but during
2471       authentication negotiation that header is suppressed.
2472     */
2473    if(req_clen >= 0 && !data->req.upload_chunky &&
2474       (data->req.authneg ||
2475        !Curl_checkheaders(data, STRCONST("Content-Length")))) {
2476      /* we allow replacing this header if not during auth negotiation,
2477         although it is not wise to actually set your own */
2478      result = curlx_dyn_addf(r, "Content-Length: %" FMT_OFF_T "\r\n",
2479                              req_clen);
2480    }
2481    if(result)
2482      goto out;
2483
2484#ifndef CURL_DISABLE_MIME
2485    /* Output mime-generated headers. */
2486    if(data->state.mimepost &&
2487       ((httpreq == HTTPREQ_POST_FORM) || (httpreq == HTTPREQ_POST_MIME))) {
2488      struct curl_slist *hdr;
2489
2490      for(hdr = data->state.mimepost->curlheaders; hdr; hdr = hdr->next) {
2491        result = curlx_dyn_addf(r, "%s\r\n", hdr->data);
2492        if(result)
2493          goto out;
2494      }
2495    }
2496#endif
2497    if(httpreq == HTTPREQ_POST) {
2498      if(!Curl_checkheaders(data, STRCONST("Content-Type"))) {
2499        result = curlx_dyn_addn(r, STRCONST("Content-Type: application/"
2500                                            "x-www-form-urlencoded\r\n"));
2501        if(result)
2502          goto out;
2503      }
2504    }
2505    result = addexpect(data, r, httpversion, &announced_exp100);
2506    if(result)
2507      goto out;
2508    break;
2509  default:
2510    break;
2511  }
2512
2513  Curl_pgrsSetUploadSize(data, req_clen);
2514  if(announced_exp100)
2515    result = http_exp100_add_reader(data);
2516
2517out:
2518  return result;
2519}
2520
2521#ifndef CURL_DISABLE_COOKIES
2522
2523static CURLcode http_cookies(struct Curl_easy *data,
2524                             struct dynbuf *r)
2525{
2526  CURLcode result = CURLE_OK;
2527  char *addcookies = NULL;
2528  bool linecap = FALSE;
2529  if(data->set.str[STRING_COOKIE] &&
2530     !Curl_checkheaders(data, STRCONST("Cookie")))
2531    addcookies = data->set.str[STRING_COOKIE];
2532
2533  if(data->cookies || addcookies) {
2534    struct Curl_llist list;
2535    int count = 0;
2536
2537    if(data->cookies && data->state.cookie_engine) {
2538      bool okay;
2539      const char *host = data->req.cookiehost ?
2540        data->req.cookiehost : data->conn->origin->hostname;
2541      Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
2542      result = Curl_cookie_getlist(data, data->conn, &okay, host, &list);
2543      if(!result && okay) {
2544        struct Curl_llist_node *n;
2545        size_t clen = 8; /* hold the size of the generated Cookie: header */
2546
2547        /* loop through all cookies that matched */
2548        for(n = Curl_llist_head(&list); n; n = Curl_node_next(n)) {
2549          struct Cookie *co = Curl_node_elem(n);
2550          if(co->value) {
2551            size_t add;
2552            if(!count) {
2553              result = curlx_dyn_addn(r, STRCONST("Cookie: "));
2554              if(result)
2555                break;
2556            }
2557            add = strlen(co->name) + strlen(co->value) + 1;
2558            if(clen + add >= MAX_COOKIE_HEADER_LEN) {
2559              infof(data, "Restricted outgoing cookies due to header size, "
2560                    "'%s' not sent", co->name);
2561              linecap = TRUE;
2562              break;
2563            }
2564            result = curlx_dyn_addf(r, "%s%s=%s", count ? "; " : "",
2565                                    co->name, co->value);
2566            if(result)
2567              break;
2568            clen += add + (count ? 2 : 0);
2569            count++;
2570          }
2571        }
2572        Curl_llist_destroy(&list, NULL);
2573      }
2574      Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
2575    }
2576    if(addcookies && !result && !linecap) {
2577      if(!count)
2578        result = curlx_dyn_addn(r, STRCONST("Cookie: "));
2579      if(!result) {
2580        result = curlx_dyn_addf(r, "%s%s", count ? "; " : "", addcookies);
2581        count++;
2582      }
2583    }
2584    if(count && !result)
2585      result = curlx_dyn_addn(r, STRCONST("\r\n"));
2586
2587    if(result)
2588      return result;
2589  }
2590  return result;
2591}
2592#else
2593#define http_cookies(a, b) CURLE_OK
2594#endif
2595
2596static CURLcode http_range(struct Curl_easy *data,
2597                           Curl_HttpReq httpreq)
2598{
2599  if(data->state.use_range) {
2600    /*
2601     * A range is selected. We use different headers whether we are downloading
2602     * or uploading and we always let customized headers override our internal
2603     * ones if any such are specified.
2604     */
2605    if(((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) &&
2606       !Curl_checkheaders(data, STRCONST("Range"))) {
2607      /* if a line like this was already allocated, free the previous one */
2608      curlx_free(data->state.aptr.rangeline);
2609      data->state.aptr.rangeline = curl_maprintf("Range: bytes=%s\r\n",
2610                                                 data->state.range);
2611      if(!data->state.aptr.rangeline)
2612        return CURLE_OUT_OF_MEMORY;
2613    }
2614    else if((httpreq == HTTPREQ_POST || httpreq == HTTPREQ_PUT) &&
2615            !Curl_checkheaders(data, STRCONST("Content-Range"))) {
2616      curl_off_t req_clen = Curl_creader_total_length(data);
2617      /* if a line like this was already allocated, free the previous one */
2618      curlx_free(data->state.aptr.rangeline);
2619
2620      if(data->set.set_resume_from < 0) {
2621        /* Upload resume was asked for, but we do not know the size of the
2622           remote part so we tell the server (and act accordingly) that we
2623           upload the whole file (again) */
2624        data->state.aptr.rangeline =
2625          curl_maprintf("Content-Range: bytes 0-%" FMT_OFF_T "/"
2626                        "%" FMT_OFF_T "\r\n", req_clen - 1, req_clen);
2627      }
2628      else if(data->state.resume_from) {
2629        /* This is because "resume" was selected */
2630        /* Not sure if we want to send this header during authentication
2631         * negotiation, but test1084 checks for it. In which case we have a
2632         * "null" client reader installed that gives an unexpected length. */
2633        curl_off_t total_len = data->req.authneg ?
2634                               data->state.infilesize :
2635                               (data->state.resume_from + req_clen);
2636        data->state.aptr.rangeline =
2637          curl_maprintf("Content-Range: bytes %s%" FMT_OFF_T "/"
2638                        "%" FMT_OFF_T "\r\n",
2639                        data->state.range, total_len - 1, total_len);
2640      }
2641      else {
2642        /* Range was selected and then we pass the incoming range and append
2643           total size */
2644        data->state.aptr.rangeline =
2645          curl_maprintf("Content-Range: bytes %s/%" FMT_OFF_T "\r\n",
2646                        data->state.range, req_clen);
2647      }
2648      if(!data->state.aptr.rangeline)
2649        return CURLE_OUT_OF_MEMORY;
2650    }
2651  }
2652  return CURLE_OK;
2653}
2654
2655static CURLcode http_firstwrite(struct Curl_easy *data)
2656{
2657  struct connectdata *conn = data->conn;
2658  struct SingleRequest *k = &data->req;
2659
2660  if(data->req.newurl) {
2661    if(conn->bits.close) {
2662      /* Abort after the headers if "follow Location" is set
2663         and we are set to close anyway. */
2664      CURL_REQ_CLEAR_RECV(data);
2665      k->done = TRUE;
2666      return CURLE_OK;
2667    }
2668    /* We have a new URL to load, but since we want to be able to reuse this
2669       connection properly, we read the full response in "ignore more" */
2670    k->ignorebody = TRUE;
2671    infof(data, "Ignoring the response-body");
2672  }
2673  if(data->state.resume_from && !k->content_range &&
2674     (data->state.httpreq == HTTPREQ_GET) &&
2675     !k->ignorebody) {
2676
2677    if(k->size == data->state.resume_from) {
2678      /* The resume point is at the end of file, consider this fine even if it
2679         does not allow resume from here. */
2680      infof(data, "The entire document is already downloaded");
2681      streamclose(conn, "already downloaded");
2682      /* Abort download */
2683      CURL_REQ_CLEAR_RECV(data);
2684      k->done = TRUE;
2685      return CURLE_OK;
2686    }
2687
2688    /* we wanted to resume a download, although the server does not seem to
2689     * support this and we did this with a GET (if it was not a GET we did a
2690     * POST or PUT resume) */
2691    failf(data, "HTTP server does not seem to support "
2692          "byte ranges. Cannot resume.");
2693    return CURLE_RANGE_ERROR;
2694  }
2695
2696  if(data->set.timecondition && !data->state.range) {
2697    /* A time condition has been set AND no ranges have been requested. This
2698       seems to be what chapter 13.3.4 of RFC 2616 defines to be the correct
2699       action for an HTTP/1.1 client */
2700
2701    if(!Curl_meets_timecondition(data, k->timeofdoc)) {
2702      k->done = TRUE;
2703      /* We are simulating an HTTP 304 from server so we return
2704         what should have been returned from the server */
2705      data->info.httpcode = 304;
2706      infof(data, "Simulate an HTTP 304 response");
2707      /* we abort the transfer before it is completed == we ruin the
2708         reuse ability. Close the connection */
2709      streamclose(conn, "Simulated 304 handling");
2710      return CURLE_OK;
2711    }
2712  } /* we have a time condition */
2713
2714  return CURLE_OK;
2715}
2716
2717static CURLcode http_check_new_conn(struct Curl_easy *data)
2718{
2719  struct connectdata *conn = data->conn;
2720  const char *info_version = NULL;
2721  const char *alpn;
2722  CURLcode result;
2723
2724  alpn = Curl_conn_get_alpn_negotiated(data, conn);
2725  if(alpn && !strcmp("h3", alpn)) {
2726    DEBUGASSERT(Curl_conn_http_version(data, conn) == 30);
2727    info_version = "HTTP/3";
2728  }
2729  else if(alpn && !strcmp("h2", alpn)) {
2730#ifndef CURL_DISABLE_PROXY
2731    if((Curl_conn_http_version(data, conn) != 20) &&
2732       conn->bits.proxy && !conn->bits.tunnel_proxy) {
2733      result = Curl_http2_switch(data);
2734      if(result)
2735        return result;
2736    }
2737    else
2738#endif
2739    DEBUGASSERT(Curl_conn_http_version(data, conn) == 20);
2740    info_version = "HTTP/2";
2741  }
2742  else {
2743    /* Check if user wants to use HTTP/2 with clear TCP */
2744    if(Curl_http2_may_switch(data)) {
2745      DEBUGF(infof(data, "HTTP/2 over clean TCP"));
2746      result = Curl_http2_switch(data);
2747      if(result)
2748        return result;
2749      info_version = "HTTP/2";
2750      /* There is no ALPN here, but the connection is now definitely h2 */
2751      conn->httpversion_seen = 20;
2752      Curl_conn_set_multiplex(conn);
2753    }
2754    else
2755      info_version = "HTTP/1.x";
2756  }
2757
2758  if(info_version)
2759    infof(data, "using %s", info_version);
2760  return CURLE_OK;
2761}
2762
2763static CURLcode http_add_connection_hd(struct Curl_easy *data,
2764                                       struct dynbuf *req)
2765{
2766  struct curl_slist *head;
2767  const char *sep = "Connection: ";
2768  CURLcode result = CURLE_OK;
2769  size_t rlen = curlx_dyn_len(req);
2770  bool skip;
2771
2772  /* Add the 1st custom "Connection: " header, if there is one */
2773  for(head = data->set.headers; head; head = head->next) {
2774    if(curl_strnequal(head->data, "Connection", 10) &&
2775       Curl_headersep(head->data[10]) &&
2776       !http_header_is_empty(head->data)) {
2777      char *value;
2778      result = copy_custom_value(head->data, &value);
2779      if(result)
2780        return result;
2781      result = curlx_dyn_addf(req, "%s%s", sep, value);
2782      sep = ", ";
2783      curlx_free(value);
2784      break; /* leave, having added 1st one */
2785    }
2786  }
2787
2788  /* add our internal Connection: header values, if we have any */
2789  if(!result && data->state.http_hd_te) {
2790    result = curlx_dyn_addf(req, "%s%s", sep, "TE");
2791    sep = ", ";
2792  }
2793  if(!result && data->state.http_hd_upgrade) {
2794    result = curlx_dyn_addf(req, "%s%s", sep, "Upgrade");
2795    sep = ", ";
2796  }
2797  if(!result && data->state.http_hd_h2_settings) {
2798    result = curlx_dyn_addf(req, "%s%s", sep, "HTTP2-Settings");
2799  }
2800  if(!result && (rlen < curlx_dyn_len(req)))
2801    result = curlx_dyn_addn(req, STRCONST("\r\n"));
2802  if(result)
2803    return result;
2804
2805  /* Add all user-defined Connection: headers after the first */
2806  skip = TRUE;
2807  for(head = data->set.headers; head; head = head->next) {
2808    if(curl_strnequal(head->data, "Connection", 10) &&
2809       Curl_headersep(head->data[10]) &&
2810       !http_header_is_empty(head->data)) {
2811      if(skip) {
2812        skip = FALSE;
2813        continue;
2814      }
2815      result = curlx_dyn_addf(req, "%s\r\n", head->data);
2816      if(result)
2817        return result;
2818    }
2819  }
2820
2821  return CURLE_OK;
2822}
2823
2824/* Header identifier in order we send them by default */
2825typedef enum {
2826  H1_HD_REQUEST,
2827  H1_HD_HOST,
2828#ifndef CURL_DISABLE_PROXY
2829  H1_HD_PROXY_AUTH,
2830#endif
2831  H1_HD_AUTH,
2832  H1_HD_RANGE,
2833  H1_HD_USER_AGENT,
2834  H1_HD_ACCEPT,
2835  H1_HD_TE,
2836  H1_HD_ACCEPT_ENCODING,
2837  H1_HD_REFERER,
2838#ifndef CURL_DISABLE_PROXY
2839  H1_HD_PROXY_CONNECTION,
2840#endif
2841  H1_HD_TRANSFER_ENCODING,
2842#ifndef CURL_DISABLE_ALTSVC
2843  H1_HD_ALT_USED,
2844#endif
2845  H1_HD_UPGRADE,
2846  H1_HD_COOKIES,
2847  H1_HD_CONDITIONALS,
2848  H1_HD_CUSTOM,
2849  H1_HD_CONTENT,
2850  H1_HD_CONNECTION,
2851  H1_HD_LAST  /* the last, empty header line */
2852} http_hd_t;
2853
2854static CURLcode http_add_hd(struct Curl_easy *data,
2855                            struct dynbuf *req,
2856                            http_hd_t id,
2857                            unsigned char httpversion,
2858                            const char *method,
2859                            Curl_HttpReq httpreq)
2860{
2861  CURLcode result = CURLE_OK;
2862#if !defined(CURL_DISABLE_ALTSVC) || \
2863  !defined(CURL_DISABLE_PROXY) || \
2864  !defined(CURL_DISABLE_WEBSOCKETS)
2865  struct connectdata *conn = data->conn;
2866#endif
2867  switch(id) {
2868  case H1_HD_REQUEST:
2869    /* add the main request stuff */
2870    /* GET/HEAD/POST/PUT */
2871    result = curlx_dyn_addf(req, "%s ", method);
2872    if(!result)
2873      result = http_target(data, req);
2874    if(!result)
2875      result = curlx_dyn_addf(req, " HTTP/%s\r\n",
2876                              get_http_string(httpversion));
2877    break;
2878
2879  case H1_HD_HOST:
2880    if(data->state.aptr.host)
2881      result = curlx_dyn_add(req, data->state.aptr.host);
2882    break;
2883
2884#ifndef CURL_DISABLE_PROXY
2885  case H1_HD_PROXY_AUTH:
2886    if(data->req.hd_proxy_auth)
2887      result = curlx_dyn_add(req, data->req.hd_proxy_auth);
2888    break;
2889#endif
2890
2891  case H1_HD_AUTH:
2892    if(data->req.hd_auth)
2893      result = curlx_dyn_add(req, data->req.hd_auth);
2894    break;
2895
2896  case H1_HD_RANGE:
2897    if(data->state.use_range && data->state.aptr.rangeline)
2898      result = curlx_dyn_add(req, data->state.aptr.rangeline);
2899    break;
2900
2901  case H1_HD_USER_AGENT:
2902    if(data->set.str[STRING_USERAGENT] && /* User-Agent: */
2903       *data->set.str[STRING_USERAGENT] &&
2904       data->state.aptr.uagent)
2905      result = curlx_dyn_add(req, data->state.aptr.uagent);
2906    break;
2907
2908  case H1_HD_ACCEPT:
2909    if(!Curl_checkheaders(data, STRCONST("Accept")))
2910      result = curlx_dyn_add(req, "Accept: */*\r\n");
2911    break;
2912
2913  case H1_HD_TE:
2914#ifdef HAVE_LIBZ
2915    if(!Curl_checkheaders(data, STRCONST("TE")) &&
2916       data->set.http_transfer_encoding) {
2917      data->state.http_hd_te = TRUE;
2918      result = curlx_dyn_add(req, "TE: gzip\r\n");
2919    }
2920#endif
2921    break;
2922
2923  case H1_HD_ACCEPT_ENCODING:
2924    curlx_safefree(data->state.aptr.accept_encoding);
2925    if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) &&
2926       data->set.str[STRING_ENCODING])
2927      result = curlx_dyn_addf(req, "Accept-Encoding: %s\r\n",
2928                              data->set.str[STRING_ENCODING]);
2929    break;
2930
2931  case H1_HD_REFERER:
2932    curlx_safefree(data->state.aptr.ref);
2933    if(Curl_bufref_ptr(&data->state.referer) &&
2934       !Curl_checkheaders(data, STRCONST("Referer")))
2935      result = curlx_dyn_addf(req, "Referer: %s\r\n",
2936                              Curl_bufref_ptr(&data->state.referer));
2937    break;
2938
2939#ifndef CURL_DISABLE_PROXY
2940  case H1_HD_PROXY_CONNECTION:
2941    if(conn->bits.httpproxy &&
2942       !conn->bits.tunnel_proxy &&
2943       !Curl_checkheaders(data, STRCONST("Proxy-Connection")) &&
2944       !Curl_checkProxyheaders(data, data->conn, STRCONST("Proxy-Connection")))
2945      result = curlx_dyn_add(req, "Proxy-Connection: Keep-Alive\r\n");
2946    break;
2947#endif
2948
2949  case H1_HD_TRANSFER_ENCODING:
2950    result = http_req_set_TE(data, req, httpversion);
2951    break;
2952
2953#ifndef CURL_DISABLE_ALTSVC
2954  case H1_HD_ALT_USED:
2955    if(conn->bits.altused && conn->via_peer &&
2956       !Curl_checkheaders(data, STRCONST("Alt-Used")))
2957      result = curlx_dyn_addf(req, "Alt-Used: %s:%u\r\n",
2958                              conn->via_peer->hostname, conn->via_peer->port);
2959    break;
2960#endif
2961
2962  case H1_HD_UPGRADE:
2963    if(!Curl_conn_is_ssl(data->conn, FIRSTSOCKET) && (httpversion < 20) &&
2964       (data->state.http_neg.wanted & CURL_HTTP_V2x) &&
2965       data->state.http_neg.h2_upgrade) {
2966      /* append HTTP2 upgrade magic stuff to the HTTP request if it is not done
2967         over SSL */
2968      result = Curl_http2_request_upgrade(req, data);
2969    }
2970#ifndef CURL_DISABLE_WEBSOCKETS
2971    if(!result && conn->scheme->protocol & (CURLPROTO_WS | CURLPROTO_WSS))
2972      result = Curl_ws_request(data, req);
2973#endif
2974    break;
2975
2976  case H1_HD_COOKIES:
2977    result = http_cookies(data, req);
2978    break;
2979
2980  case H1_HD_CONDITIONALS:
2981    result = Curl_add_timecondition(data, req);
2982    break;
2983
2984  case H1_HD_CUSTOM:
2985    result = Curl_add_custom_headers(data, FALSE, httpversion, req);
2986    break;
2987
2988  case H1_HD_CONTENT:
2989    result = http_add_content_hds(data, req, httpversion, httpreq);
2990    break;
2991
2992  case H1_HD_CONNECTION: {
2993    result = http_add_connection_hd(data, req);
2994    break;
2995  }
2996
2997  case H1_HD_LAST:
2998    result = curlx_dyn_addn(req, STRCONST("\r\n"));
2999    break;
3000  }
3001  return result;
3002}
3003
3004/*
3005 * Curl_http() gets called from the generic multi_do() function when an HTTP
3006 * request is to be performed. This creates and sends a properly constructed
3007 * HTTP request.
3008 */
3009CURLcode Curl_http(struct Curl_easy *data, bool *done)
3010{
3011  CURLcode result = CURLE_OK;
3012  Curl_HttpReq httpreq;
3013  const char *method;
3014  struct dynbuf req;
3015  unsigned char httpversion;
3016  size_t hd_id;
3017
3018  /* Always consider the DO phase done after this function call, even if there
3019     may be parts of the request that are not yet sent, since we can deal with
3020     the rest of the request in the PERFORM phase. */
3021  *done = TRUE;
3022  /* initialize a dynamic send-buffer */
3023  curlx_dyn_init(&req, DYN_HTTP_REQUEST);
3024  /* make sure the header buffer is reset - if there are leftovers from a
3025     previous transfer */
3026  curlx_dyn_reset(&data->state.headerb);
3027  data->state.maybe_folded = FALSE;
3028
3029  if(!data->conn->bits.reuse) {
3030    result = http_check_new_conn(data);
3031    if(result)
3032      goto out;
3033  }
3034
3035  /* Add collecting of headers written to client. For a new connection,
3036   * we might have done that already, but reuse
3037   * or multiplex needs it here as well. */
3038  result = Curl_headers_init(data);
3039  if(result)
3040    goto out;
3041
3042  data->state.http_hd_te = FALSE;
3043  data->state.http_hd_upgrade = FALSE;
3044  data->state.http_hd_h2_settings = FALSE;
3045
3046  /* what kind of request do we need to send? */
3047  Curl_http_method(data, &method, &httpreq);
3048
3049  /* select host to send */
3050  result = http_set_aptr_host(data);
3051  /* setup the authentication headers, how that method and host are known */
3052  if(!result)
3053    result = Curl_http_output_auth(data, data->conn, method, httpreq,
3054                                   data->state.up.path,
3055                                   data->state.up.query, FALSE);
3056  if(!result)
3057    result = http_useragent(data);
3058  /* Setup input reader, resume information and ranges */
3059  if(!result)
3060    result = set_reader(data, httpreq);
3061  if(!result)
3062    result = http_resume(data, httpreq);
3063  if(!result)
3064    result = http_range(data, httpreq);
3065  if(result)
3066    goto out;
3067
3068  httpversion = http_request_version(data);
3069  /* Add request line and all headers to `req` */
3070  for(hd_id = 0; hd_id <= H1_HD_LAST; ++hd_id) {
3071    result = http_add_hd(data, &req, (http_hd_t)hd_id,
3072                         httpversion, method, httpreq);
3073    if(result)
3074      goto out;
3075  }
3076
3077  /* setup variables for the upcoming transfer and send */
3078  Curl_xfer_setup_sendrecv(data, FIRSTSOCKET, -1);
3079  result = Curl_req_send(data, &req, httpversion);
3080
3081  if((httpversion >= 20) && data->req.upload_chunky)
3082    /* upload_chunky was set above to set up the request in a chunky fashion,
3083       but is disabled here again to avoid that the chunked encoded version is
3084       actually used when sending the request body over h2 */
3085    data->req.upload_chunky = FALSE;
3086
3087out:
3088  if(result == CURLE_TOO_LARGE)
3089    failf(data, "HTTP request too large");
3090
3091  curlx_dyn_free(&req);
3092  return result;
3093}
3094
3095typedef enum {
3096  STATUS_UNKNOWN, /* not enough data to tell yet */
3097  STATUS_DONE, /* a status line was read */
3098  STATUS_BAD /* not a status line */
3099} statusline;
3100
3101/* Check a string for a prefix. Check no more than 'len' bytes */
3102static bool checkprefixmax(const char *prefix, const char *buffer, size_t len)
3103{
3104  size_t ch = CURLMIN(strlen(prefix), len);
3105  return curl_strnequal(prefix, buffer, ch);
3106}
3107
3108/*
3109 * checkhttpprefix()
3110 *
3111 * Returns TRUE if member of the list matches prefix of string
3112 */
3113static statusline checkhttpprefix(struct Curl_easy *data,
3114                                  const char *s, size_t len)
3115{
3116  struct curl_slist *head = data->set.http200aliases;
3117  statusline rc = STATUS_BAD;
3118  statusline onmatch = len >= 5 ? STATUS_DONE : STATUS_UNKNOWN;
3119
3120  while(head) {
3121    if(checkprefixmax(head->data, s, len)) {
3122      rc = onmatch;
3123      break;
3124    }
3125    head = head->next;
3126  }
3127
3128  if((rc != STATUS_DONE) && (checkprefixmax("HTTP/", s, len)))
3129    rc = onmatch;
3130
3131  return rc;
3132}
3133
3134#ifndef CURL_DISABLE_RTSP
3135static statusline checkrtspprefix(struct Curl_easy *data,
3136                                  const char *s, size_t len)
3137{
3138  statusline status = STATUS_BAD;
3139  statusline onmatch = len >= 5 ? STATUS_DONE : STATUS_UNKNOWN;
3140  (void)data;
3141  if(checkprefixmax("RTSP/", s, len))
3142    status = onmatch;
3143
3144  return status;
3145}
3146#endif /* CURL_DISABLE_RTSP */
3147
3148static statusline checkprotoprefix(struct Curl_easy *data,
3149                                   struct connectdata *conn,
3150                                   const char *s, size_t len)
3151{
3152#ifndef CURL_DISABLE_RTSP
3153  if(conn->scheme->protocol & CURLPROTO_RTSP)
3154    return checkrtspprefix(data, s, len);
3155#else
3156  (void)conn;
3157#endif /* CURL_DISABLE_RTSP */
3158
3159  return checkhttpprefix(data, s, len);
3160}
3161
3162/* HTTP header has field name `n` (a string constant) */
3163#define HD_IS(hd, hdlen, n) \
3164  (((hdlen) >= (sizeof(n) - 1)) && curl_strnequal(n, hd, sizeof(n) - 1))
3165
3166#define HD_VAL(hd, hdlen, n) \
3167  ((((hdlen) >= (sizeof(n) - 1)) && (hd) && \
3168    curl_strnequal(n, hd, sizeof(n) - 1)) ? ((hd) + (sizeof(n) - 1)) : NULL)
3169
3170/* HTTP header has field name `n` (a string constant) and contains `v`
3171 * (a string constant) in its value(s) */
3172#define HD_IS_AND_SAYS(hd, hdlen, n, v) \
3173  (HD_IS(hd, hdlen, n) && \
3174   ((hdlen) > ((sizeof(n) - 1) + (sizeof(v) - 1))) && \
3175   Curl_compareheader(hd, STRCONST(n), STRCONST(v)))
3176
3177/*
3178 * http_header_a() parses a single response header starting with A.
3179 */
3180static CURLcode http_header_a(struct Curl_easy *data,
3181                              const char *hd, size_t hdlen)
3182{
3183#ifndef CURL_DISABLE_ALTSVC
3184  const char *v;
3185  struct connectdata *conn = data->conn;
3186  v = (data->asi &&
3187       (Curl_xfer_is_secure(data) ||
3188#ifdef DEBUGBUILD
3189        /* allow debug builds to circumvent the HTTPS restriction */
3190        getenv("CURL_ALTSVC_HTTP")
3191#else
3192        0
3193#endif
3194         )) ? HD_VAL(hd, hdlen, "Alt-Svc:") : NULL;
3195  if(v) {
3196    /* the ALPN of the current request */
3197    struct SingleRequest *k = &data->req;
3198    enum alpnid id = (k->httpversion == 30) ? ALPN_h3 :
3199      (k->httpversion == 20) ? ALPN_h2 : ALPN_h1;
3200    return Curl_altsvc_parse(data, data->asi, v, id, conn->origin->hostname,
3201                             curlx_uitous((unsigned int)conn->origin->port));
3202  }
3203#else
3204  (void)data;
3205  (void)hd;
3206  (void)hdlen;
3207#endif
3208  return CURLE_OK;
3209}
3210
3211/*
3212 * http_header_c() parses a single response header starting with C.
3213 */
3214static CURLcode http_header_c(struct Curl_easy *data,
3215                              const char *hd, size_t hdlen)
3216{
3217  struct connectdata *conn = data->conn;
3218  struct SingleRequest *k = &data->req;
3219  const char *v;
3220
3221  /* Check for Content-Length: header lines to get size. Browsers insist we
3222     should accept multiple Content-Length headers and that a comma separated
3223     list also is fine and then we should accept them all as long as they are
3224     the same value. Different values trigger error.
3225   */
3226  v = (!k->http_bodyless && !data->set.ignorecl) ?
3227    HD_VAL(hd, hdlen, "Content-Length:") : NULL;
3228  if(v) {
3229    do {
3230      curl_off_t contentlength;
3231      int offt = curlx_str_numblanks(&v, &contentlength);
3232
3233      if(offt == STRE_OVERFLOW) {
3234        /* out of range */
3235        if(data->set.max_filesize) {
3236          failf(data, "Maximum file size exceeded");
3237          return CURLE_FILESIZE_EXCEEDED;
3238        }
3239        streamclose(conn, "overflow content-length");
3240        infof(data, "Overflow Content-Length: value");
3241        return CURLE_OK;
3242      }
3243      else {
3244        if((offt == STRE_OK) &&
3245           ((k->size == -1) || /* not set to something before */
3246            (k->size == contentlength))) { /* or the same value */
3247
3248          k->size = contentlength;
3249          curlx_str_passblanks(&v);
3250
3251          /* on a comma, loop and get the next instead */
3252          if(!curlx_str_single(&v, ','))
3253            continue;
3254
3255          if(!curlx_str_newline(&v)) {
3256            k->maxdownload = k->size;
3257            return CURLE_OK;
3258          }
3259        }
3260        /* negative, different value or rubbish - bad HTTP */
3261        failf(data, "Invalid Content-Length: value");
3262        return CURLE_WEIRD_SERVER_REPLY;
3263      }
3264    } while(1);
3265  }
3266  v = (!k->http_bodyless && data->set.str[STRING_ENCODING]) ?
3267    HD_VAL(hd, hdlen, "Content-Encoding:") : NULL;
3268  if(v) {
3269    /*
3270     * Process Content-Encoding. Look for the values: identity, gzip, deflate,
3271     * compress, x-gzip and x-compress. x-gzip and x-compress are the same as
3272     * gzip and compress. (Sec 3.5 RFC 2616). zlib cannot handle compress.
3273     * Errors are handled further down when the response body is processed
3274     */
3275    return Curl_build_unencoding_stack(data, v, FALSE);
3276  }
3277  /* check for Content-Type: header lines to get the MIME-type */
3278  v = HD_VAL(hd, hdlen, "Content-Type:");
3279  if(v) {
3280    char *contenttype = Curl_copy_header_value(hd);
3281    if(!contenttype)
3282      return CURLE_OUT_OF_MEMORY;
3283    if(!*contenttype)
3284      /* ignore empty data */
3285      curlx_free(contenttype);
3286    else {
3287      curlx_free(data->info.contenttype);
3288      data->info.contenttype = contenttype;
3289    }
3290    return CURLE_OK;
3291  }
3292  if((k->httpversion < 20) &&
3293     HD_IS_AND_SAYS(hd, hdlen, "Connection:", "close")) {
3294    /*
3295     * [RFC 2616, section 8.1.2.1]
3296     * "Connection: close" is HTTP/1.1 language and means that
3297     * the connection will close when this request has been
3298     * served.
3299     */
3300    connclose(conn, "Connection: close used");
3301    return CURLE_OK;
3302  }
3303  if((k->httpversion == 10) &&
3304     HD_IS_AND_SAYS(hd, hdlen, "Connection:", "keep-alive")) {
3305    /*
3306     * An HTTP/1.0 reply with the 'Connection: keep-alive' line
3307     * tells us the connection will be kept alive for our
3308     * pleasure. Default action for 1.0 is to close.
3309     *
3310     * [RFC2068, section 19.7.1] */
3311    connkeep(conn, "Connection keep-alive");
3312    infof(data, "HTTP/1.0 connection set to keep alive");
3313    return CURLE_OK;
3314  }
3315  v = !k->http_bodyless ? HD_VAL(hd, hdlen, "Content-Range:") : NULL;
3316  if(v) {
3317    /* Content-Range: bytes [num]-
3318       Content-Range: bytes: [num]-
3319       Content-Range: [num]-
3320       Content-Range: [asterisk]/[total]
3321
3322       The second format was added since Sun's webserver
3323       JavaWebServer/1.1.1 obviously sends the header this way!
3324       The third added since some servers use that!
3325       The fourth means the requested range was unsatisfied.
3326    */
3327
3328    const char *ptr = v;
3329
3330    /* Move forward until first digit or asterisk */
3331    while(*ptr && !ISDIGIT(*ptr) && *ptr != '*')
3332      ptr++;
3333
3334    /* if it truly stopped on a digit */
3335    if(ISDIGIT(*ptr)) {
3336      if(!curlx_str_number(&ptr, &k->offset, CURL_OFF_T_MAX) &&
3337         (data->state.resume_from == k->offset))
3338        /* we asked for a resume and we got it */
3339        k->content_range = TRUE;
3340    }
3341    else if(k->httpcode < 300)
3342      data->state.resume_from = 0; /* get everything */
3343  }
3344  return CURLE_OK;
3345}
3346
3347/*
3348 * http_header_l() parses a single response header starting with L.
3349 */
3350static CURLcode http_header_l(struct Curl_easy *data,
3351                              const char *hd, size_t hdlen)
3352{
3353  struct connectdata *conn = data->conn;
3354  struct SingleRequest *k = &data->req;
3355  const char *v = (!k->http_bodyless &&
3356                   (data->set.timecondition || data->set.get_filetime)) ?
3357    HD_VAL(hd, hdlen, "Last-Modified:") : NULL;
3358  if(v) {
3359    if(Curl_getdate_capped(v, &k->timeofdoc))
3360      k->timeofdoc = 0;
3361    if(data->set.get_filetime)
3362      data->info.filetime = k->timeofdoc;
3363    return CURLE_OK;
3364  }
3365  if(HD_IS(hd, hdlen, "Location:")) {
3366    /* this is the URL that the server advises us to use instead */
3367    char *location = Curl_copy_header_value(hd);
3368    if(!location)
3369      return CURLE_OUT_OF_MEMORY;
3370    if(!*location ||
3371       (data->req.location && !strcmp(data->req.location, location))) {
3372      /* ignore empty header, or exact repeat of a previous one */
3373      curlx_free(location);
3374      return CURLE_OK;
3375    }
3376    else {
3377      /* has value and is not an exact repeat */
3378      if(data->req.location) {
3379        failf(data, "Multiple Location headers");
3380        curlx_free(location);
3381        return CURLE_WEIRD_SERVER_REPLY;
3382      }
3383      data->req.location = location;
3384
3385      if((k->httpcode >= 300 && k->httpcode < 400) &&
3386         data->set.http_follow_mode) {
3387        CURLcode result;
3388        DEBUGASSERT(!data->req.newurl);
3389        data->req.newurl = curlx_strdup(data->req.location); /* clone */
3390        if(!data->req.newurl)
3391          return CURLE_OUT_OF_MEMORY;
3392
3393        /* some cases of POST and PUT etc needs to rewind the data
3394           stream at this point */
3395        result = http_perhapsrewind(data, conn);
3396        if(result)
3397          return result;
3398
3399        /* mark the next request as a followed location: */
3400        data->state.this_is_a_follow = TRUE;
3401      }
3402    }
3403  }
3404  return CURLE_OK;
3405}
3406
3407/*
3408 * http_header_p() parses a single response header starting with P.
3409 */
3410static CURLcode http_header_p(struct Curl_easy *data,
3411                              const char *hd, size_t hdlen)
3412{
3413  struct SingleRequest *k = &data->req;
3414
3415#ifndef CURL_DISABLE_PROXY
3416  const char *v = HD_VAL(hd, hdlen, "Proxy-Connection:");
3417  if(v) {
3418    struct connectdata *conn = data->conn;
3419    if((k->httpversion == 10) && conn->bits.httpproxy &&
3420       HD_IS_AND_SAYS(hd, hdlen, "Proxy-Connection:", "keep-alive")) {
3421      /*
3422       * When an HTTP/1.0 reply comes when using a proxy, the
3423       * 'Proxy-Connection: keep-alive' line tells us the
3424       * connection will be kept alive for our pleasure.
3425       * Default action for 1.0 is to close.
3426       */
3427      connkeep(conn, "Proxy-Connection keep-alive"); /* do not close */
3428      infof(data, "HTTP/1.0 proxy connection set to keep alive");
3429    }
3430    else if((k->httpversion == 11) && conn->bits.httpproxy &&
3431            HD_IS_AND_SAYS(hd, hdlen, "Proxy-Connection:", "close")) {
3432      /*
3433       * We get an HTTP/1.1 response from a proxy and it says it will
3434       * close down after this transfer.
3435       */
3436      connclose(conn, "Proxy-Connection: asked to close after done");
3437      infof(data, "HTTP/1.1 proxy connection set close");
3438    }
3439    return CURLE_OK;
3440  }
3441#endif
3442  if((407 == k->httpcode) && HD_IS(hd, hdlen, "Proxy-authenticate:")) {
3443    char *auth = Curl_copy_header_value(hd);
3444    CURLcode result = auth ? CURLE_OK : CURLE_OUT_OF_MEMORY;
3445    if(!result) {
3446      result = Curl_http_input_auth(data, TRUE, auth);
3447      curlx_free(auth);
3448    }
3449    return result;
3450  }
3451#ifdef USE_SPNEGO
3452  if(HD_IS(hd, hdlen, "Persistent-Auth:")) {
3453    struct connectdata *conn = data->conn;
3454    struct negotiatedata *negdata = Curl_auth_nego_get(conn, FALSE);
3455    struct auth *authp = &data->state.authhost;
3456    if(!negdata)
3457      return CURLE_OUT_OF_MEMORY;
3458    if(authp->picked == CURLAUTH_NEGOTIATE) {
3459      char *persistentauth = Curl_copy_header_value(hd);
3460      if(!persistentauth)
3461        return CURLE_OUT_OF_MEMORY;
3462      negdata->noauthpersist = !!checkprefix("false", persistentauth);
3463      negdata->havenoauthpersist = TRUE;
3464      infof(data, "Negotiate: noauthpersist -> %d, header part: %s",
3465            negdata->noauthpersist, persistentauth);
3466      curlx_free(persistentauth);
3467    }
3468  }
3469#endif
3470  return CURLE_OK;
3471}
3472
3473/*
3474 * http_header_r() parses a single response header starting with R.
3475 */
3476static CURLcode http_header_r(struct Curl_easy *data,
3477                              const char *hd, size_t hdlen)
3478{
3479  const char *v = HD_VAL(hd, hdlen, "Retry-After:");
3480  if(v) {
3481    /* Retry-After = HTTP-date / delay-seconds */
3482    curl_off_t retry_after = 0; /* zero for unknown or "now" */
3483    time_t date = 0;
3484    curlx_str_passblanks(&v);
3485
3486    /* try it as a date first, because a date can otherwise start with and
3487       get treated as a number */
3488    if(!Curl_getdate_capped(v, &date)) {
3489      time_t current = time(NULL);
3490      if(date >= current)
3491        /* convert date to number of seconds into the future */
3492        retry_after = date - current;
3493    }
3494    else
3495      /* Try it as a decimal number, ignore errors */
3496      (void)curlx_str_number(&v, &retry_after, CURL_OFF_T_MAX);
3497    /* limit to 6 hours max. this is not documented so that it can be changed
3498       in the future if necessary. */
3499    if(retry_after > 21600)
3500      retry_after = 21600;
3501    data->info.retry_after = retry_after;
3502  }
3503  return CURLE_OK;
3504}
3505
3506/*
3507 * http_header_s() parses a single response header starting with S.
3508 */
3509static CURLcode http_header_s(struct Curl_easy *data,
3510                              const char *hd, size_t hdlen)
3511{
3512#if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_HSTS)
3513  struct connectdata *conn = data->conn;
3514  const char *v;
3515#else
3516  (void)data;
3517  (void)hd;
3518  (void)hdlen;
3519#endif
3520
3521#ifndef CURL_DISABLE_COOKIES
3522  v = (data->cookies && data->state.cookie_engine) ?
3523    HD_VAL(hd, hdlen, "Set-Cookie:") : NULL;
3524  if(v) {
3525    /* If there is a custom-set Host: name, use it here, or else use
3526     * real peer hostname. */
3527    const char *host = data->req.cookiehost ?
3528      data->req.cookiehost : conn->origin->hostname;
3529    const bool secure_context = Curl_secure_context(conn, host);
3530    CURLcode result;
3531    Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
3532    result = Curl_cookie_add(data, data->cookies, TRUE, FALSE, v, host,
3533                             data->state.up.path, secure_context);
3534    Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
3535    return result;
3536  }
3537#endif
3538#ifndef CURL_DISABLE_HSTS
3539  /* If enabled, the header is incoming and this is over HTTPS */
3540  v = (data->hsts &&
3541       (Curl_xfer_is_secure(data) ||
3542#ifdef DEBUGBUILD
3543        /* allow debug builds to circumvent the HTTPS restriction */
3544        getenv("CURL_HSTS_HTTP")
3545#else
3546        0
3547#endif
3548         )
3549    ) ? HD_VAL(hd, hdlen, "Strict-Transport-Security:") : NULL;
3550  if(v) {
3551    CURLcode result =
3552      Curl_hsts_parse(data->hsts, conn->origin->hostname, v);
3553    if(result) {
3554      if(result == CURLE_OUT_OF_MEMORY)
3555        return result;
3556      infof(data, "Illegal STS header skipped");
3557    }
3558#ifdef DEBUGBUILD
3559    else
3560      infof(data, "Parsed STS header fine (%zu entries)",
3561            Curl_llist_count(&data->hsts->list));
3562#endif
3563  }
3564#endif
3565
3566  return CURLE_OK;
3567}
3568
3569/*
3570 * http_header_t() parses a single response header starting with T.
3571 */
3572static CURLcode http_header_t(struct Curl_easy *data,
3573                              const char *hd, size_t hdlen)
3574{
3575  struct connectdata *conn = data->conn;
3576  struct SingleRequest *k = &data->req;
3577
3578  /* RFC 9112, ch. 6.1
3579   * "Transfer-Encoding MAY be sent in a response to a HEAD request or
3580   *  in a 304 (Not Modified) response (Section 15.4.5 of [HTTP]) to a
3581   *  GET request, neither of which includes a message body, to indicate
3582   *  that the origin server would have applied a transfer coding to the
3583   *  message body if the request had been an unconditional GET."
3584   *
3585   * Read: in these cases the 'Transfer-Encoding' does not apply
3586   * to any data following the response headers. Do not add any decoders.
3587   */
3588  const char *v = (!k->http_bodyless &&
3589                   (data->state.httpreq != HTTPREQ_HEAD) &&
3590                   (k->httpcode != 304)) ?
3591    HD_VAL(hd, hdlen, "Transfer-Encoding:") : NULL;
3592  if(v) {
3593    /* One or more encodings. We check for chunked and/or a compression
3594       algorithm. */
3595    CURLcode result = Curl_build_unencoding_stack(data, v, TRUE);
3596    if(result)
3597      return result;
3598    if(!k->chunk && data->set.http_transfer_encoding) {
3599      /* if this is not chunked, only close can signal the end of this
3600       * transfer as Content-Length is said not to be trusted for
3601       * transfer-encoding! */
3602      connclose(conn, "HTTP/1.1 transfer-encoding without chunks");
3603      k->ignore_cl = TRUE;
3604    }
3605    return CURLE_OK;
3606  }
3607  v = HD_VAL(hd, hdlen, "Trailer:");
3608  if(v) {
3609    data->req.resp_trailer = TRUE;
3610    return CURLE_OK;
3611  }
3612  return CURLE_OK;
3613}
3614
3615/*
3616 * http_header_w() parses a single response header starting with W.
3617 */
3618static CURLcode http_header_w(struct Curl_easy *data,
3619                              const char *hd, size_t hdlen)
3620{
3621  struct SingleRequest *k = &data->req;
3622  CURLcode result = CURLE_OK;
3623
3624  if((401 == k->httpcode) && HD_IS(hd, hdlen, "WWW-Authenticate:")) {
3625    char *auth = Curl_copy_header_value(hd);
3626    if(!auth)
3627      result = CURLE_OUT_OF_MEMORY;
3628    else {
3629      result = Curl_http_input_auth(data, FALSE, auth);
3630      curlx_free(auth);
3631    }
3632  }
3633  return result;
3634}
3635
3636/*
3637 * http_header() parses a single response header.
3638 */
3639static CURLcode http_header(struct Curl_easy *data,
3640                            const char *hd, size_t hdlen)
3641{
3642  CURLcode result = CURLE_OK;
3643
3644  switch(hd[0]) {
3645  case 'a':
3646  case 'A':
3647    result = http_header_a(data, hd, hdlen);
3648    break;
3649  case 'c':
3650  case 'C':
3651    result = http_header_c(data, hd, hdlen);
3652    break;
3653  case 'l':
3654  case 'L':
3655    result = http_header_l(data, hd, hdlen);
3656    break;
3657  case 'p':
3658  case 'P':
3659    result = http_header_p(data, hd, hdlen);
3660    break;
3661  case 'r':
3662  case 'R':
3663    result = http_header_r(data, hd, hdlen);
3664    break;
3665  case 's':
3666  case 'S':
3667    result = http_header_s(data, hd, hdlen);
3668    break;
3669  case 't':
3670  case 'T':
3671    result = http_header_t(data, hd, hdlen);
3672    break;
3673  case 'w':
3674  case 'W':
3675    result = http_header_w(data, hd, hdlen);
3676    break;
3677  }
3678
3679  if(!result) {
3680    struct connectdata *conn = data->conn;
3681    if(conn->scheme->protocol & CURLPROTO_RTSP)
3682      result = Curl_rtsp_parseheader(data, hd);
3683  }
3684  return result;
3685}
3686
3687/*
3688 * Called after the first HTTP response line (the status line) has been
3689 * received and parsed.
3690 */
3691static CURLcode http_statusline(struct Curl_easy *data,
3692                                struct connectdata *conn)
3693{
3694  struct SingleRequest *k = &data->req;
3695
3696  switch(k->httpversion) {
3697  case 10:
3698  case 11:
3699#ifdef USE_HTTP2
3700  case 20:
3701#endif
3702#ifdef USE_HTTP3
3703  case 30:
3704#endif
3705    /* no major version switch mid-connection */
3706    if(k->httpversion_sent &&
3707       (k->httpversion / 10 != k->httpversion_sent / 10)) {
3708      failf(data, "Version mismatch (from HTTP/%d to HTTP/%d)",
3709            k->httpversion_sent / 10, k->httpversion / 10);
3710      return CURLE_WEIRD_SERVER_REPLY;
3711    }
3712    break;
3713  default:
3714    failf(data, "Unsupported HTTP version (%d.%d) in response",
3715          k->httpversion / 10, k->httpversion % 10);
3716    return CURLE_UNSUPPORTED_PROTOCOL;
3717  }
3718
3719  data->info.httpcode = k->httpcode;
3720  data->info.httpversion = k->httpversion;
3721  conn->httpversion_seen = k->httpversion;
3722
3723  if(!data->state.http_neg.rcvd_min ||
3724     data->state.http_neg.rcvd_min > k->httpversion)
3725    /* store the lowest server version we encounter */
3726    data->state.http_neg.rcvd_min = k->httpversion;
3727
3728  /*
3729   * This code executes as part of processing the header. As a
3730   * result, it is not totally clear how to interpret the
3731   * response code yet as that depends on what other headers may
3732   * be present. 401 and 407 may be errors, but may be OK
3733   * depending on how authentication is working. Other codes
3734   * are definitely errors, so give up here.
3735   */
3736  if(data->state.resume_from && data->state.httpreq == HTTPREQ_GET &&
3737     k->httpcode == 416) {
3738    /* "Requested Range Not Satisfiable", proceed and pretend this is no
3739       error */
3740    k->ignorebody = TRUE; /* Avoid appending error msg to good data. */
3741  }
3742
3743  if(k->httpversion == 10) {
3744    /* Default action for HTTP/1.0 must be to close, unless
3745       we get one of those fancy headers that tell us the
3746       server keeps it open for us! */
3747    infof(data, "HTTP 1.0, assume close after body");
3748    connclose(conn, "HTTP/1.0 close after body");
3749  }
3750
3751  k->http_bodyless = k->httpcode >= 100 && k->httpcode < 200;
3752  switch(k->httpcode) {
3753  case 304:
3754    /* (quote from RFC2616, section 10.3.5): The 304 response
3755     * MUST NOT contain a message-body, and thus is always
3756     * terminated by the first empty line after the header
3757     * fields. */
3758    if(data->set.timecondition)
3759      data->info.timecond = TRUE;
3760    FALLTHROUGH();
3761  case 204:
3762    /* (quote from RFC2616, section 10.2.5): The server has
3763     * fulfilled the request but does not need to return an
3764     * entity-body ... The 204 response MUST NOT include a
3765     * message-body, and thus is always terminated by the first
3766     * empty line after the header fields. */
3767    k->size = 0;
3768    k->maxdownload = 0;
3769    k->http_bodyless = TRUE;
3770    break;
3771  default:
3772    break;
3773  }
3774  return CURLE_OK;
3775}
3776
3777/* Content-Length must be ignored if any Transfer-Encoding is present in the
3778   response. Refer to RFC 7230 section 3.3.3 and RFC2616 section 4.4. This is
3779   figured out here after all headers have been received but before the final
3780   call to the user's header callback, so that a valid content length can be
3781   retrieved by the user in the final call. */
3782static CURLcode http_size(struct Curl_easy *data)
3783{
3784  struct SingleRequest *k = &data->req;
3785  if(data->req.ignore_cl || k->chunk) {
3786    k->size = k->maxdownload = -1;
3787  }
3788  else if(k->size != -1) {
3789    if(data->set.max_filesize &&
3790       !k->ignorebody &&
3791       (k->size > data->set.max_filesize)) {
3792      failf(data, "Maximum file size exceeded");
3793      return CURLE_FILESIZE_EXCEEDED;
3794    }
3795    if(k->ignorebody)
3796      infof(data, "setting size while ignoring");
3797    Curl_pgrsSetDownloadSize(data, k->size);
3798    k->maxdownload = k->size;
3799  }
3800  return CURLE_OK;
3801}
3802
3803static CURLcode verify_header(struct Curl_easy *data,
3804                              const char *hd, size_t hdlen)
3805{
3806  struct SingleRequest *k = &data->req;
3807  const char *ptr = memchr(hd, 0x00, hdlen);
3808  if(ptr) {
3809    /* this is bad, bail out */
3810    failf(data, "Nul byte in header");
3811    return CURLE_WEIRD_SERVER_REPLY;
3812  }
3813  if(k->headerline < 2)
3814    /* the first "header" is the status-line and it has no colon */
3815    return CURLE_OK;
3816  if(((hd[0] == ' ') || (hd[0] == '\t')) && k->headerline > 2)
3817    /* line folding, cannot happen on line 2 */
3818    ;
3819  else {
3820    ptr = memchr(hd, ':', hdlen);
3821    if(!ptr) {
3822      /* this is bad, bail out */
3823      failf(data, "Header without colon");
3824      return CURLE_WEIRD_SERVER_REPLY;
3825    }
3826  }
3827  return CURLE_OK;
3828}
3829
3830CURLcode Curl_bump_headersize(struct Curl_easy *data,
3831                              size_t delta,
3832                              bool connect_only)
3833{
3834  size_t bad = 0;
3835  unsigned int max = MAX_HTTP_RESP_HEADER_SIZE;
3836  if(delta < MAX_HTTP_RESP_HEADER_SIZE) {
3837    data->info.header_size += (unsigned int)delta;
3838    data->req.allheadercount += (unsigned int)delta;
3839    if(!connect_only)
3840      data->req.headerbytecount += (unsigned int)delta;
3841    if(data->req.allheadercount > max)
3842      bad = data->req.allheadercount;
3843    else if(data->info.header_size > (max * 20)) {
3844      bad = data->info.header_size;
3845      max *= 20;
3846    }
3847  }
3848  else
3849    bad = data->req.allheadercount + delta;
3850  if(bad) {
3851    failf(data, "Too large response headers: %zu > %u", bad, max);
3852    return CURLE_RECV_ERROR;
3853  }
3854  return CURLE_OK;
3855}
3856
3857/*
3858 * Handle a 101 Switching Protocols response. Performs the actual protocol
3859 * upgrade to HTTP/2 or WebSocket based on what was requested.
3860 */
3861static CURLcode http_on_101_upgrade(struct Curl_easy *data,
3862                                    const char *buf, size_t blen,
3863                                    size_t *pconsumed,
3864                                    bool *conn_changed)
3865{
3866  struct connectdata *conn = data->conn;
3867  struct SingleRequest *k = &data->req;
3868
3869#if !defined(USE_NGHTTP2) && defined(CURL_DISABLE_WEBSOCKETS)
3870  (void)buf;
3871  (void)blen;
3872  (void)pconsumed;
3873#else
3874  CURLcode result;
3875  int upgr101_requested = k->upgr101;
3876#endif
3877
3878  if(k->httpversion_sent != 11) {
3879    /* invalid for other HTTP versions */
3880    failf(data, "server sent 101 response while not talking HTTP/1.1");
3881    return CURLE_WEIRD_SERVER_REPLY;
3882  }
3883
3884  /* Whatever the success, upgrade was selected. */
3885  k->upgr101 = UPGR101_RECEIVED;
3886  conn->bits.upgrade_in_progress = FALSE;
3887  *conn_changed = TRUE;
3888
3889  /* To be fully compliant, we would check the "Upgrade:" response header to
3890   * mention the protocol we requested. */
3891#ifdef USE_NGHTTP2
3892  if(upgr101_requested == UPGR101_H2) {
3893    /* Switch to HTTP/2, where we will get more responses. blen bytes in buf
3894     * are already h2 protocol bytes */
3895    infof(data, "Received 101, Switching to HTTP/2");
3896    result = Curl_http2_upgrade(data, conn, FIRSTSOCKET, buf, blen);
3897    if(!result)
3898      *pconsumed += blen;
3899    return result;
3900  }
3901#endif
3902#ifndef CURL_DISABLE_WEBSOCKETS
3903  if(upgr101_requested == UPGR101_WS) {
3904    /* Switch to WebSocket, where we now stream ws frames. blen bytes in buf
3905     * are already ws protocol bytes */
3906    infof(data, "Received 101, Switching to WebSocket");
3907    result = Curl_ws_accept(data, buf, blen);
3908    if(!result)
3909      *pconsumed += blen; /* ws accept handled the data */
3910    return result;
3911  }
3912#endif
3913  /* We silently accept this as the final response. What are we switching to
3914   * if we did not ask for an Upgrade? Maybe the application provided an
3915   * `Upgrade: xxx` header? */
3916  k->header = FALSE;
3917  return CURLE_OK;
3918}
3919
3920/*
3921 * Handle 1xx intermediate HTTP responses. Sets up state for more
3922 * headers and processes 100-continue and 101 upgrade responses.
3923 */
3924static CURLcode http_on_1xx_response(struct Curl_easy *data,
3925                                     const char *buf, size_t blen,
3926                                     size_t *pconsumed,
3927                                     bool *conn_changed)
3928{
3929  struct SingleRequest *k = &data->req;
3930
3931  /* "A user agent MAY ignore unexpected 1xx status responses."
3932   * By default, we expect to get more responses after this one. */
3933  k->header = TRUE;
3934  k->headerline = 0; /* restart the header line counter */
3935
3936  switch(k->httpcode) {
3937  case 100:
3938    /* We have made an HTTP PUT or POST and this is 1.1-lingo that tells us
3939     * that the server is OK with this and ready to receive the data. */
3940    http_exp100_got100(data);
3941    break;
3942  case 101:
3943    return http_on_101_upgrade(data, buf, blen, pconsumed, conn_changed);
3944  default:
3945    /* The server may send us other 1xx responses, like informative 103. This
3946     * has no influence on request processing and we expect to receive a
3947     * final response eventually. */
3948    break;
3949  }
3950  return CURLE_OK;
3951}
3952
3953#if defined(USE_NTLM) || defined(USE_SPNEGO)
3954/*
3955 * Check if NTLM or SPNEGO authentication negotiation failed due to
3956 * connection closure (typically on HTTP/1.0 servers).
3957 */
3958static void http_check_auth_closure(struct Curl_easy *data,
3959                                    struct connectdata *conn)
3960{
3961  /* At this point we have some idea about the fate of the connection. If we
3962     are closing the connection it may result auth failure. */
3963#ifdef USE_NTLM
3964  if(conn->bits.close &&
3965     (((data->req.httpcode == 401) &&
3966       (conn->http_ntlm_state == NTLMSTATE_TYPE2)) ||
3967      ((data->req.httpcode == 407) &&
3968       (conn->proxy_ntlm_state == NTLMSTATE_TYPE2)))) {
3969    infof(data, "Connection closure while negotiating auth (HTTP 1.0?)");
3970    data->state.authproblem = TRUE;
3971  }
3972#endif
3973#ifdef USE_SPNEGO
3974  if(conn->bits.close &&
3975    (((data->req.httpcode == 401) &&
3976      (conn->http_negotiate_state == GSS_AUTHRECV)) ||
3977     ((data->req.httpcode == 407) &&
3978      (conn->proxy_negotiate_state == GSS_AUTHRECV)))) {
3979    infof(data, "Connection closure while negotiating auth (HTTP 1.0?)");
3980    data->state.authproblem = TRUE;
3981  }
3982  if((conn->http_negotiate_state == GSS_AUTHDONE) &&
3983     (data->req.httpcode != 401)) {
3984    conn->http_negotiate_state = GSS_AUTHSUCC;
3985  }
3986  if((conn->proxy_negotiate_state == GSS_AUTHDONE) &&
3987     (data->req.httpcode != 407)) {
3988    conn->proxy_negotiate_state = GSS_AUTHSUCC;
3989  }
3990#endif
3991}
3992#else
3993#define http_check_auth_closure(x, y) /* empty */
3994#endif
3995
3996/*
3997 * Handle an error response (>= 300) received while still sending the
3998 * request body. Deals with 417 Expectation Failed retries, keep-sending
3999 * on error, and aborting the send.
4000 */
4001static CURLcode http_handle_send_error(struct Curl_easy *data)
4002{
4003  struct connectdata *conn = data->conn;
4004  struct SingleRequest *k = &data->req;
4005  CURLcode result = CURLE_OK;
4006
4007  if(!data->req.authneg && !conn->bits.close &&
4008     !Curl_creader_will_rewind(data)) {
4009    /*
4010     * General treatment of errors when about to send data.
4011     * Including: "417 Expectation Failed", while waiting for
4012     * 100-continue.
4013     *
4014     * The check for close above is done because if something
4015     * else has already deemed the connection to get closed then
4016     * something else should have considered the big picture and
4017     * we avoid this check.
4018     */
4019
4020    switch(data->state.httpreq) {
4021    case HTTPREQ_PUT:
4022    case HTTPREQ_POST:
4023    case HTTPREQ_POST_FORM:
4024    case HTTPREQ_POST_MIME:
4025      /* We got an error response. If this happened before the
4026       * whole request body has been sent we stop sending and
4027       * mark the connection for closure after we have read the
4028       * entire response. */
4029      if(!Curl_req_done_sending(data)) {
4030        if((k->httpcode == 417) && http_exp100_is_selected(data)) {
4031          /* 417 Expectation Failed - try again without the
4032             Expect header */
4033          if(!k->writebytecount && http_exp100_is_waiting(data)) {
4034            infof(data, "Got HTTP failure 417 while waiting for a 100");
4035          }
4036          else {
4037            infof(data, "Got HTTP failure 417 while sending data");
4038            streamclose(conn, "Stop sending data before everything sent");
4039            result = http_perhapsrewind(data, conn);
4040            if(result)
4041              return result;
4042          }
4043          data->state.disableexpect = TRUE;
4044          Curl_req_abort_sending(data);
4045          DEBUGASSERT(!data->req.newurl);
4046          data->req.newurl = Curl_bufref_dup(&data->state.url);
4047          if(!data->req.newurl)
4048            return CURLE_OUT_OF_MEMORY;
4049        }
4050        else if(data->set.http_keep_sending_on_error) {
4051          infof(data, "HTTP error before end of send, keep sending");
4052          http_exp100_send_anyway(data);
4053        }
4054        else {
4055          infof(data, "HTTP error before end of send, stop sending");
4056          streamclose(conn, "Stop sending data before everything sent");
4057          result = Curl_req_abort_sending(data);
4058          if(result)
4059            return result;
4060        }
4061      }
4062      break;
4063
4064    default: /* default label present to avoid compiler warnings */
4065      break;
4066    }
4067  }
4068
4069  if(Curl_creader_will_rewind(data) && !Curl_req_done_sending(data)) {
4070    /* We rewind before next send, continue sending now */
4071    infof(data, "Keep sending data to get tossed away");
4072    CURL_REQ_SET_SEND(data);
4073  }
4074  return result;
4075}
4076
4077static CURLcode http_on_response(struct Curl_easy *data,
4078                                 const char *last_hd, size_t last_hd_len,
4079                                 const char *buf, size_t blen,
4080                                 size_t *pconsumed)
4081{
4082  struct connectdata *conn = data->conn;
4083  CURLcode result = CURLE_OK;
4084  struct SingleRequest *k = &data->req;
4085  bool conn_changed = FALSE;
4086
4087  (void)buf; /* not used without HTTP2 enabled */
4088  *pconsumed = 0;
4089
4090  if(k->upgr101 == UPGR101_RECEIVED) {
4091    /* supposedly upgraded to http2 now */
4092    if(data->req.httpversion != 20)
4093      infof(data, "Lying server, not serving HTTP/2");
4094  }
4095
4096  if(k->httpcode < 200 && last_hd) {
4097    /* Intermediate responses might trigger processing of more responses,
4098     * write the last header to the client before proceeding. */
4099    result = http_write_header(data, last_hd, last_hd_len);
4100    last_hd = NULL; /* handled it */
4101    if(result)
4102      goto out;
4103  }
4104
4105  if(k->httpcode < 100) {
4106    failf(data, "Unsupported response code in HTTP response");
4107    result = CURLE_UNSUPPORTED_PROTOCOL;
4108    goto out;
4109  }
4110  else if(k->httpcode < 200) {
4111    result = http_on_1xx_response(data, buf, blen, pconsumed, &conn_changed);
4112    goto out;
4113  }
4114
4115  /* k->httpcode >= 200, final response */
4116  k->header = FALSE;
4117  if(conn->bits.upgrade_in_progress) {
4118    /* Asked for protocol upgrade, but it was not selected */
4119    conn->bits.upgrade_in_progress = FALSE;
4120    conn_changed = TRUE;
4121  }
4122
4123  if((k->size == -1) && !k->chunk && !conn->bits.close &&
4124     (k->httpversion == 11) &&
4125     !(conn->scheme->protocol & CURLPROTO_RTSP) &&
4126     data->state.httpreq != HTTPREQ_HEAD) {
4127    /* On HTTP 1.1, when connection is not to get closed, but no
4128       Content-Length nor Transfer-Encoding chunked have been received,
4129       according to RFC2616 section 4.4 point 5, we assume that the server
4130       will close the connection to signal the end of the document. */
4131    infof(data, "no chunk, no close, no size. Assume close to signal end");
4132    streamclose(conn, "HTTP: No end-of-message indicator");
4133  }
4134
4135  http_check_auth_closure(data, conn);
4136
4137#ifndef CURL_DISABLE_WEBSOCKETS
4138  /* All >=200 HTTP status codes are errors when wanting ws */
4139  if(data->req.upgr101 == UPGR101_WS) {
4140    failf(data, "Refused WebSocket upgrade: %d", k->httpcode);
4141    result = CURLE_HTTP_RETURNED_ERROR;
4142    goto out;
4143  }
4144#endif
4145
4146  /* Check if this response means the transfer errored. */
4147  if(http_should_fail(data, data->req.httpcode)) {
4148    failf(data, "The requested URL returned error: %d",
4149          k->httpcode);
4150    result = CURLE_HTTP_RETURNED_ERROR;
4151    goto out;
4152  }
4153
4154  /* Curl_http_auth_act() checks what authentication methods that are
4155   * available and decides which one (if any) to use. It will set 'newurl' if
4156   * an auth method was picked. */
4157  result = Curl_http_auth_act(data);
4158  if(result)
4159    goto out;
4160
4161  if(k->httpcode >= 300) {
4162    result = http_handle_send_error(data);
4163    if(result)
4164      goto out;
4165  }
4166
4167  /* If we requested a "no body", this is a good time to get
4168   * out and return home.
4169   */
4170  if(data->req.no_body)
4171    k->download_done = TRUE;
4172
4173  /* If max download size is *zero* (nothing) we already have nothing and can
4174     safely return ok now! For HTTP/2, we would like to call
4175     http2_handle_stream_close to properly close a stream. In order to do
4176     this, we keep reading until we close the stream. */
4177  if((k->maxdownload == 0) && (k->httpversion_sent < 20))
4178    k->download_done = TRUE;
4179
4180  /* final response without error, prepare to receive the body */
4181  result = http_firstwrite(data);
4182
4183  if(!result)
4184    /* This is the last response that we get for the current request. Check on
4185     * the body size and determine if the response is complete. */
4186    result = http_size(data);
4187
4188out:
4189  if(last_hd)
4190    /* if not written yet, write it now */
4191    result = Curl_1st_fatal(result,
4192                            http_write_header(data, last_hd, last_hd_len));
4193  if(conn_changed)
4194    /* poke the multi handle to allow pending pipewait to retry */
4195    Curl_multi_connchanged(data->multi);
4196  return result;
4197}
4198
4199static CURLcode http_rw_hd(struct Curl_easy *data,
4200                           const char *hd, size_t hdlen,
4201                           const char *buf_remain, size_t blen,
4202                           size_t *pconsumed)
4203{
4204  CURLcode result = CURLE_OK;
4205  struct SingleRequest *k = &data->req;
4206  int writetype;
4207  DEBUGASSERT(!hd[hdlen]); /* null-terminated */
4208
4209  *pconsumed = 0;
4210  if((0x0a == *hd) || (0x0d == *hd)) {
4211    /* Empty header line means end of headers! */
4212    struct dynbuf last_header;
4213    size_t consumed;
4214
4215    curlx_dyn_init(&last_header, hdlen + 1);
4216    result = curlx_dyn_addn(&last_header, hd, hdlen);
4217    if(result)
4218      return result;
4219
4220    /* analyze the response to find out what to do. */
4221    /* Caveat: we clear anything in the header brigade, because a
4222     * response might switch HTTP version which may call use recursively.
4223     * Not nice, but that is currently the way of things. */
4224    curlx_dyn_reset(&data->state.headerb);
4225    result = http_on_response(data, curlx_dyn_ptr(&last_header),
4226                              curlx_dyn_len(&last_header),
4227                              buf_remain, blen, &consumed);
4228    *pconsumed += consumed;
4229    curlx_dyn_free(&last_header);
4230    return result;
4231  }
4232
4233  /*
4234   * Checks for special headers coming up.
4235   */
4236
4237  writetype = CLIENTWRITE_HEADER;
4238  if(!k->headerline++) {
4239    /* This is the first header, it MUST be the error code line
4240       or else we consider this to be the body right away! */
4241    bool fine_statusline = FALSE;
4242
4243    k->httpversion = 0; /* Do not know yet */
4244    if(data->conn->scheme->protocol & PROTO_FAMILY_HTTP) {
4245      /*
4246       * https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.2
4247       *
4248       * The response code is always a three-digit number in HTTP as the spec
4249       * says. We allow any three-digit number here, but we cannot make
4250       * guarantees on future behaviors since it is not within the protocol.
4251       */
4252      const char *p = hd;
4253
4254      curlx_str_passblanks(&p);
4255      if(!strncmp(p, "HTTP/", 5)) {
4256        p += 5;
4257        switch(*p) {
4258        case '1':
4259          p++;
4260          if((p[0] == '.') && (p[1] == '0' || p[1] == '1')) {
4261            if(ISBLANK(p[2])) {
4262              k->httpversion = (unsigned char)(10 + (p[1] - '0'));
4263              p += 3;
4264              if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) {
4265                k->httpcode = ((p[0] - '0') * 100) + ((p[1] - '0') * 10) +
4266                  (p[2] - '0');
4267                /* RFC 9112 requires a single space following the status code,
4268                   but the browsers do not so let's not insist */
4269                fine_statusline = TRUE;
4270              }
4271            }
4272          }
4273          if(!fine_statusline) {
4274            failf(data, "Unsupported HTTP/1 subversion in response");
4275            return CURLE_UNSUPPORTED_PROTOCOL;
4276          }
4277          break;
4278        case '2':
4279        case '3':
4280          if(!ISBLANK(p[1]))
4281            break;
4282          k->httpversion = (unsigned char)((*p - '0') * 10);
4283          p += 2;
4284          if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) {
4285            k->httpcode = ((p[0] - '0') * 100) + ((p[1] - '0') * 10) +
4286              (p[2] - '0');
4287            p += 3;
4288            if(!ISBLANK(*p))
4289              break;
4290            fine_statusline = TRUE;
4291          }
4292          break;
4293        default: /* unsupported */
4294          failf(data, "Unsupported HTTP version in response");
4295          return CURLE_UNSUPPORTED_PROTOCOL;
4296        }
4297      }
4298
4299      if(!fine_statusline) {
4300        /* If user has set option HTTP200ALIASES,
4301           compare header line against list of aliases
4302        */
4303        statusline check = checkhttpprefix(data, hd, hdlen);
4304        if(check == STATUS_DONE) {
4305          fine_statusline = TRUE;
4306          k->httpcode = 200;
4307          k->httpversion = 10;
4308        }
4309      }
4310    }
4311    else if(data->conn->scheme->protocol & CURLPROTO_RTSP) {
4312      const char *p = hd;
4313      struct Curl_str ver;
4314      curl_off_t status;
4315      /* we set the max string a little excessive to forgive some leading
4316         spaces */
4317      if(!curlx_str_until(&p, &ver, 32, ' ') &&
4318         !curlx_str_single(&p, ' ') &&
4319         !curlx_str_number(&p, &status, 999)) {
4320        curlx_str_trimblanks(&ver);
4321        if(curlx_str_cmp(&ver, "RTSP/1.0")) {
4322          k->httpcode = (int)status;
4323          fine_statusline = TRUE;
4324          k->httpversion = 11; /* RTSP acts like HTTP 1.1 */
4325        }
4326      }
4327      if(!fine_statusline)
4328        return CURLE_WEIRD_SERVER_REPLY;
4329    }
4330
4331    if(fine_statusline) {
4332      result = http_statusline(data, data->conn);
4333      if(result)
4334        return result;
4335      writetype |= CLIENTWRITE_STATUS;
4336    }
4337    else {
4338      k->header = FALSE;   /* this is not a header line */
4339      return CURLE_WEIRD_SERVER_REPLY;
4340    }
4341  }
4342
4343  result = verify_header(data, hd, hdlen);
4344  if(result)
4345    return result;
4346
4347  result = http_header(data, hd, hdlen);
4348  if(result)
4349    return result;
4350
4351  /*
4352   * Taken in one (more) header. Write it to the client.
4353   */
4354  Curl_debug(data, CURLINFO_HEADER_IN, hd, hdlen);
4355
4356  if(k->httpcode / 100 == 1)
4357    writetype |= CLIENTWRITE_1XX;
4358  result = Curl_client_write(data, writetype, hd, hdlen);
4359  if(result)
4360    return result;
4361
4362  result = Curl_bump_headersize(data, hdlen, FALSE);
4363  if(result)
4364    return result;
4365
4366  return CURLE_OK;
4367}
4368
4369/* remove trailing CRLF then all trailing whitespace */
4370void Curl_http_to_fold(struct dynbuf *bf)
4371{
4372  size_t len = curlx_dyn_len(bf);
4373  const char *hd = curlx_dyn_ptr(bf);
4374  if(len && (hd[len - 1] == '\n'))
4375    len--;
4376  if(len && (hd[len - 1] == '\r'))
4377    len--;
4378  while(len && ISBLANK(hd[len - 1])) /* strip off trailing whitespace */
4379    len--;
4380  curlx_dyn_setlen(bf, len);
4381}
4382
4383static void unfold_header(struct Curl_easy *data)
4384{
4385  Curl_http_to_fold(&data->state.headerb);
4386  data->state.leading_unfold = TRUE;
4387}
4388
4389/*
4390 * Read any HTTP header lines from the server and pass them to the client app.
4391 */
4392static CURLcode http_parse_headers(struct Curl_easy *data,
4393                                   const char *buf, size_t blen,
4394                                   size_t *pconsumed)
4395{
4396  struct connectdata *conn = data->conn;
4397  CURLcode result = CURLE_OK;
4398  struct SingleRequest *k = &data->req;
4399  const char *end_ptr;
4400  bool leftover_body = FALSE;
4401
4402  /* we have bytes for the next header, make sure it is not a folded header
4403     before passing it on */
4404  if(data->state.maybe_folded && blen) {
4405    if(ISBLANK(buf[0])) {
4406      /* folded, remove the trailing newlines and append the next header */
4407      unfold_header(data);
4408    }
4409    else {
4410      /* the header data we hold is a complete header, pass it on */
4411      size_t ignore_this;
4412      result = http_rw_hd(data, curlx_dyn_ptr(&data->state.headerb),
4413                          curlx_dyn_len(&data->state.headerb),
4414                          NULL, 0, &ignore_this);
4415      curlx_dyn_reset(&data->state.headerb);
4416      if(result)
4417        return result;
4418    }
4419    data->state.maybe_folded = FALSE;
4420  }
4421
4422  /* header line within buffer loop */
4423  *pconsumed = 0;
4424  while(blen && k->header) {
4425    size_t consumed;
4426    size_t hlen;
4427    const char *hd;
4428    size_t unfold_len = 0;
4429
4430    if(data->state.leading_unfold) {
4431      /* immediately after an unfold, keep only a single whitespace */
4432      while(blen && ISBLANK(buf[0])) {
4433        buf++;
4434        blen--;
4435        unfold_len++;
4436      }
4437      if(blen) {
4438        /* insert a single space */
4439        result = curlx_dyn_addn(&data->state.headerb, " ", 1);
4440        if(result)
4441          return result;
4442        data->state.leading_unfold = FALSE; /* done now */
4443      }
4444    }
4445
4446    end_ptr = memchr(buf, '\n', blen);
4447    if(!end_ptr) {
4448      /* Not a complete header line within buffer, append the data to
4449         the end of the headerbuff. */
4450      result = curlx_dyn_addn(&data->state.headerb, buf, blen);
4451      if(result)
4452        return result;
4453      *pconsumed += blen + unfold_len;
4454
4455      if(!k->headerline) {
4456        /* check if this looks like a protocol header */
4457        statusline st =
4458          checkprotoprefix(data, conn,
4459                           curlx_dyn_ptr(&data->state.headerb),
4460                           curlx_dyn_len(&data->state.headerb));
4461
4462        if(st == STATUS_BAD) {
4463          /* this is not the beginning of a protocol first header line.
4464           * Cannot be 0.9 if version was detected or connection was reused. */
4465          k->header = FALSE;
4466          streamclose(conn, "bad HTTP: No end-of-message indicator");
4467          if((k->httpversion >= 10) || conn->bits.reuse) {
4468            failf(data, "Invalid status line");
4469            return CURLE_WEIRD_SERVER_REPLY;
4470          }
4471          if(!data->state.http_neg.accept_09) {
4472            failf(data, "Received HTTP/0.9 when not allowed");
4473            return CURLE_UNSUPPORTED_PROTOCOL;
4474          }
4475          leftover_body = TRUE;
4476          goto out;
4477        }
4478      }
4479      goto out; /* read more and try again */
4480    }
4481
4482    /* the size of the remaining header line */
4483    consumed = (end_ptr - buf) + 1;
4484
4485    result = curlx_dyn_addn(&data->state.headerb, buf, consumed);
4486    if(result)
4487      return result;
4488    blen -= consumed;
4489    buf += consumed;
4490    *pconsumed += consumed + unfold_len;
4491
4492    /****
4493     * We now have a FULL header line in 'headerb'.
4494     *****/
4495
4496    hlen = curlx_dyn_len(&data->state.headerb);
4497    hd = curlx_dyn_ptr(&data->state.headerb);
4498
4499    if(!k->headerline) {
4500      /* the first read "header", the status line */
4501      statusline st = checkprotoprefix(data, conn, hd, hlen);
4502      if(st == STATUS_BAD) {
4503        streamclose(conn, "bad HTTP: No end-of-message indicator");
4504        /* this is not the beginning of a protocol first header line.
4505         * Cannot be 0.9 if version was detected or connection was reused. */
4506        if((k->httpversion >= 10) || conn->bits.reuse) {
4507          failf(data, "Invalid status line");
4508          return CURLE_WEIRD_SERVER_REPLY;
4509        }
4510        if(!data->state.http_neg.accept_09) {
4511          failf(data, "Received HTTP/0.9 when not allowed");
4512          return CURLE_UNSUPPORTED_PROTOCOL;
4513        }
4514        k->header = FALSE;
4515        leftover_body = TRUE;
4516        goto out;
4517      }
4518    }
4519    else {
4520      if(hlen && !ISNEWLINE(hd[0])) {
4521        /* this is NOT the header separator */
4522
4523        /* if we have bytes for the next header, check for folding */
4524        if(blen && ISBLANK(buf[0])) {
4525          /* remove the trailing CRLF and append the next header */
4526          unfold_header(data);
4527          continue;
4528        }
4529        else if(!blen) {
4530          /* this might be a folded header so deal with it in next invoke */
4531          data->state.maybe_folded = TRUE;
4532          break;
4533        }
4534      }
4535    }
4536
4537    result = http_rw_hd(data, hd, hlen, buf, blen, &consumed);
4538    /* We are done with this line. We reset because response
4539     * processing might switch to HTTP/2 and that might call us
4540     * directly again. */
4541    curlx_dyn_reset(&data->state.headerb);
4542    if(consumed) {
4543      blen -= consumed;
4544      buf += consumed;
4545      *pconsumed += consumed;
4546    }
4547    if(result)
4548      return result;
4549  }
4550
4551  /* We might have reached the end of the header part here, but
4552     there might be a non-header part left in the end of the read
4553     buffer. */
4554out:
4555  if(!k->header && !leftover_body) {
4556    curlx_dyn_free(&data->state.headerb);
4557  }
4558  return CURLE_OK;
4559}
4560
4561CURLcode Curl_http_write_resp_hd(struct Curl_easy *data,
4562                                 const char *hd, size_t hdlen,
4563                                 bool is_eos)
4564{
4565  CURLcode result;
4566  size_t consumed;
4567  char tmp = 0;
4568  DEBUGASSERT(!hd[hdlen]); /* null-terminated */
4569
4570  result = http_rw_hd(data, hd, hdlen, &tmp, 0, &consumed);
4571  if(!result && is_eos) {
4572    result = Curl_client_write(data, (CLIENTWRITE_BODY | CLIENTWRITE_EOS),
4573                               &tmp, 0);
4574  }
4575  return result;
4576}
4577
4578/*
4579 * HTTP protocol `write_resp` implementation. Parse headers
4580 * when not done yet and otherwise return without consuming data.
4581 */
4582CURLcode Curl_http_write_resp_hds(struct Curl_easy *data,
4583                                  const char *buf, size_t blen,
4584                                  size_t *pconsumed)
4585{
4586  if(!data->req.header) {
4587    *pconsumed = 0;
4588    return CURLE_OK;
4589  }
4590  else {
4591    CURLcode result;
4592
4593    result = http_parse_headers(data, buf, blen, pconsumed);
4594    if(!result && !data->req.header) {
4595      if(!data->req.no_body && curlx_dyn_len(&data->state.headerb)) {
4596        /* leftover from parsing something that turned out not
4597         * to be a header, only happens if we allow for
4598         * HTTP/0.9 like responses */
4599        result = Curl_client_write(data, CLIENTWRITE_BODY,
4600                                   curlx_dyn_ptr(&data->state.headerb),
4601                                   curlx_dyn_len(&data->state.headerb));
4602      }
4603      curlx_dyn_free(&data->state.headerb);
4604    }
4605    return result;
4606  }
4607}
4608
4609CURLcode Curl_http_write_resp(struct Curl_easy *data,
4610                              const char *buf, size_t blen,
4611                              bool is_eos)
4612{
4613  CURLcode result;
4614  size_t consumed;
4615  int flags;
4616
4617  result = Curl_http_write_resp_hds(data, buf, blen, &consumed);
4618  if(result || data->req.done)
4619    goto out;
4620
4621  DEBUGASSERT(consumed <= blen);
4622  blen -= consumed;
4623  buf += consumed;
4624  /* either all was consumed in header parsing, or we have data left
4625   * and are done with headers, e.g. it is BODY data */
4626  DEBUGASSERT(!blen || !data->req.header);
4627  if(!data->req.header && (blen || is_eos)) {
4628    /* BODY data after header been parsed, write and consume */
4629    flags = CLIENTWRITE_BODY;
4630    if(is_eos)
4631      flags |= CLIENTWRITE_EOS;
4632    result = Curl_client_write(data, flags, buf, blen);
4633  }
4634out:
4635  return result;
4636}
4637
4638/* Decode HTTP status code string. */
4639CURLcode Curl_http_decode_status(int *pstatus, const char *s, size_t len)
4640{
4641  CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
4642  int status = 0;
4643  int i;
4644
4645  if(len != 3)
4646    goto out;
4647
4648  for(i = 0; i < 3; ++i) {
4649    char c = s[i];
4650
4651    if(c < '0' || c > '9')
4652      goto out;
4653
4654    status *= 10;
4655    status += c - '0';
4656  }
4657  result = CURLE_OK;
4658out:
4659  *pstatus = result ? -1 : status;
4660  return result;
4661}
4662
4663CURLcode Curl_http_req_make(struct httpreq **preq,
4664                            const char *method, size_t m_len,
4665                            const char *scheme, size_t s_len,
4666                            const char *authority, size_t a_len,
4667                            const char *path, size_t p_len)
4668{
4669  struct httpreq *req;
4670  CURLcode result = CURLE_OUT_OF_MEMORY;
4671
4672  DEBUGASSERT(method && m_len);
4673
4674  req = curlx_calloc(1, sizeof(*req) + m_len);
4675  if(!req)
4676    goto out;
4677#if defined(__GNUC__) && __GNUC__ >= 13
4678#pragma GCC diagnostic push
4679/* error: 'memcpy' offset [137, 142] from the object at 'req' is out of
4680   the bounds of referenced subobject 'method' with type 'char[1]' at
4681   offset 136 */
4682#pragma GCC diagnostic ignored "-Warray-bounds"
4683#endif
4684  memcpy(req->method, method, m_len);
4685#if defined(__GNUC__) && __GNUC__ >= 13
4686#pragma GCC diagnostic pop
4687#endif
4688  if(scheme) {
4689    req->scheme = curlx_memdup0(scheme, s_len);
4690    if(!req->scheme)
4691      goto out;
4692  }
4693  if(authority) {
4694    req->authority = curlx_memdup0(authority, a_len);
4695    if(!req->authority)
4696      goto out;
4697  }
4698  if(path) {
4699    req->path = curlx_memdup0(path, p_len);
4700    if(!req->path)
4701      goto out;
4702  }
4703  Curl_dynhds_init(&req->headers, 0, DYN_HTTP_REQUEST);
4704  Curl_dynhds_init(&req->trailers, 0, DYN_HTTP_REQUEST);
4705  result = CURLE_OK;
4706
4707out:
4708  if(result && req)
4709    Curl_http_req_free(req);
4710  *preq = result ? NULL : req;
4711  return result;
4712}
4713
4714static CURLcode req_assign_url_authority(struct httpreq *req, CURLU *url)
4715{
4716  char *host, *port;
4717  struct dynbuf buf;
4718  CURLUcode uc;
4719  CURLcode result = CURLE_URL_MALFORMAT;
4720
4721  host = port = NULL;
4722  curlx_dyn_init(&buf, DYN_HTTP_REQUEST);
4723
4724  uc = curl_url_get(url, CURLUPART_HOST, &host, 0);
4725  if(uc && uc != CURLUE_NO_HOST)
4726    goto out;
4727  if(!host) {
4728    req->authority = NULL;
4729    result = CURLE_OK;
4730    goto out;
4731  }
4732
4733  uc = curl_url_get(url, CURLUPART_PORT, &port, CURLU_NO_DEFAULT_PORT);
4734  if(uc && uc != CURLUE_NO_PORT)
4735    goto out;
4736
4737  result = curlx_dyn_add(&buf, host);
4738  if(result)
4739    goto out;
4740  if(port) {
4741    result = curlx_dyn_addf(&buf, ":%s", port);
4742    if(result)
4743      goto out;
4744  }
4745  req->authority = curlx_dyn_ptr(&buf);
4746out:
4747  curlx_free(host);
4748  curlx_free(port);
4749  if(result)
4750    curlx_dyn_free(&buf);
4751  return result;
4752}
4753
4754static CURLcode req_assign_url_path(struct httpreq *req, CURLU *url)
4755{
4756  char *path, *query;
4757  struct dynbuf buf;
4758  CURLUcode uc;
4759  CURLcode result = CURLE_URL_MALFORMAT;
4760
4761  path = query = NULL;
4762  curlx_dyn_init(&buf, DYN_HTTP_REQUEST);
4763
4764  uc = curl_url_get(url, CURLUPART_PATH, &path, 0);
4765  if(uc)
4766    goto out;
4767  uc = curl_url_get(url, CURLUPART_QUERY, &query, 0);
4768  if(uc && uc != CURLUE_NO_QUERY)
4769    goto out;
4770
4771  if(!query) {
4772    req->path = path;
4773    path = NULL;
4774  }
4775  else {
4776    result = curlx_dyn_add(&buf, path);
4777    if(!result)
4778      result = curlx_dyn_addf(&buf, "?%s", query);
4779    if(result)
4780      goto out;
4781    req->path = curlx_dyn_ptr(&buf);
4782  }
4783  result = CURLE_OK;
4784
4785out:
4786  curlx_free(path);
4787  curlx_free(query);
4788  if(result)
4789    curlx_dyn_free(&buf);
4790  return result;
4791}
4792
4793CURLcode Curl_http_req_make2(struct httpreq **preq,
4794                             const char *method, size_t m_len,
4795                             CURLU *url, const char *scheme_default)
4796{
4797  struct httpreq *req;
4798  CURLcode result = CURLE_OUT_OF_MEMORY;
4799  CURLUcode uc;
4800
4801  DEBUGASSERT(method && m_len);
4802
4803  req = curlx_calloc(1, sizeof(*req) + m_len);
4804  if(!req)
4805    goto out;
4806  memcpy(req->method, method, m_len);
4807
4808  uc = curl_url_get(url, CURLUPART_SCHEME, &req->scheme, 0);
4809  if(uc && uc != CURLUE_NO_SCHEME)
4810    goto out;
4811  if(!req->scheme && scheme_default) {
4812    req->scheme = curlx_strdup(scheme_default);
4813    if(!req->scheme)
4814      goto out;
4815  }
4816
4817  result = req_assign_url_authority(req, url);
4818  if(result)
4819    goto out;
4820  result = req_assign_url_path(req, url);
4821  if(result)
4822    goto out;
4823
4824  Curl_dynhds_init(&req->headers, 0, DYN_HTTP_REQUEST);
4825  Curl_dynhds_init(&req->trailers, 0, DYN_HTTP_REQUEST);
4826  result = CURLE_OK;
4827
4828out:
4829  if(result && req)
4830    Curl_http_req_free(req);
4831  *preq = result ? NULL : req;
4832  return result;
4833}
4834
4835void Curl_http_req_free(struct httpreq *req)
4836{
4837  if(req) {
4838    curlx_free(req->scheme);
4839    curlx_free(req->authority);
4840    curlx_free(req->path);
4841    Curl_dynhds_free(&req->headers);
4842    Curl_dynhds_free(&req->trailers);
4843    curlx_free(req);
4844  }
4845}
4846
4847struct name_const {
4848  const char *name;
4849  size_t namelen;
4850};
4851
4852/* keep them sorted by length! */
4853static const struct name_const H2_NON_FIELD[] = {
4854  { STRCONST("Host") },
4855  { STRCONST("Upgrade") },
4856  { STRCONST("Connection") },
4857  { STRCONST("Keep-Alive") },
4858  { STRCONST("Proxy-Connection") },
4859  { STRCONST("Transfer-Encoding") },
4860};
4861
4862static bool h2_permissible_field(struct dynhds_entry *e)
4863{
4864  size_t i;
4865  for(i = 0; i < CURL_ARRAYSIZE(H2_NON_FIELD); ++i) {
4866    if(e->namelen < H2_NON_FIELD[i].namelen)
4867      return TRUE;
4868    if(e->namelen == H2_NON_FIELD[i].namelen &&
4869       curl_strequal(H2_NON_FIELD[i].name, e->name))
4870      return FALSE;
4871  }
4872  return TRUE;
4873}
4874
4875static bool http_TE_has_token(const char *fvalue, const char *token)
4876{
4877  while(*fvalue) {
4878    struct Curl_str name;
4879
4880    /* skip to first token */
4881    while(ISBLANK(*fvalue) || *fvalue == ',')
4882      fvalue++;
4883    if(curlx_str_cspn(&fvalue, &name, " \t\r;,"))
4884      return FALSE;
4885    if(curlx_str_casecompare(&name, token))
4886      return TRUE;
4887
4888    /* skip any remainder after token, e.g. parameters with quoted strings */
4889    while(*fvalue && *fvalue != ',') {
4890      if(*fvalue == '"') {
4891        struct Curl_str qw;
4892        /* if we do not cleanly find a quoted word here, the header value
4893         * does not follow HTTP syntax and we reject */
4894        if(curlx_str_quotedword(&fvalue, &qw, CURL_MAX_HTTP_HEADER))
4895          return FALSE;
4896      }
4897      else
4898        fvalue++;
4899    }
4900  }
4901  return FALSE;
4902}
4903
4904CURLcode Curl_http_req_to_h2(struct dynhds *h2_headers,
4905                             struct httpreq *req, struct Curl_easy *data)
4906{
4907  const char *scheme = NULL, *authority = NULL;
4908  struct dynhds_entry *e;
4909  size_t i;
4910  CURLcode result;
4911
4912  DEBUGASSERT(req);
4913  DEBUGASSERT(h2_headers);
4914
4915  if(req->scheme) {
4916    scheme = req->scheme;
4917  }
4918  else if(strcmp("CONNECT", req->method)) {
4919    scheme = Curl_checkheaders(data, STRCONST(HTTP_PSEUDO_SCHEME));
4920    if(scheme) {
4921      scheme += sizeof(HTTP_PSEUDO_SCHEME);
4922      curlx_str_passblanks(&scheme);
4923      infof(data, "set pseudo header %s to %s", HTTP_PSEUDO_SCHEME, scheme);
4924    }
4925    else {
4926      scheme = Curl_xfer_is_secure(data) ? "https" : "http";
4927    }
4928  }
4929
4930  if(req->authority) {
4931    authority = req->authority;
4932  }
4933  else {
4934    e = Curl_dynhds_get(&req->headers, STRCONST("Host"));
4935    if(e)
4936      authority = e->value;
4937  }
4938
4939  Curl_dynhds_reset(h2_headers);
4940  Curl_dynhds_set_opts(h2_headers, DYNHDS_OPT_LOWERCASE);
4941  result = Curl_dynhds_add(h2_headers, STRCONST(HTTP_PSEUDO_METHOD),
4942                           req->method, strlen(req->method));
4943  if(!result && scheme) {
4944    result = Curl_dynhds_add(h2_headers, STRCONST(HTTP_PSEUDO_SCHEME),
4945                             scheme, strlen(scheme));
4946  }
4947  if(!result && authority) {
4948    result = Curl_dynhds_add(h2_headers, STRCONST(HTTP_PSEUDO_AUTHORITY),
4949                             authority, strlen(authority));
4950  }
4951  if(!result && req->path) {
4952    result = Curl_dynhds_add(h2_headers, STRCONST(HTTP_PSEUDO_PATH),
4953                             req->path, strlen(req->path));
4954  }
4955  for(i = 0; !result && i < Curl_dynhds_count(&req->headers); ++i) {
4956    e = Curl_dynhds_getn(&req->headers, i);
4957    /* "TE" is special in that it is only permissible when it
4958     * has only value "trailers". RFC 9113 ch. 8.2.2 */
4959    if(e->namelen == 2 && curl_strequal("TE", e->name)) {
4960      if(http_TE_has_token(e->value, "trailers"))
4961        result = Curl_dynhds_add(h2_headers, e->name, e->namelen,
4962                                 "trailers", sizeof("trailers") - 1);
4963    }
4964    else if(h2_permissible_field(e)) {
4965      result = Curl_dynhds_add(h2_headers, e->name, e->namelen,
4966                               e->value, e->valuelen);
4967    }
4968  }
4969
4970  return result;
4971}
4972
4973CURLcode Curl_http_resp_make(struct http_resp **presp,
4974                             int status,
4975                             const char *description)
4976{
4977  struct http_resp *resp;
4978  CURLcode result = CURLE_OUT_OF_MEMORY;
4979
4980  resp = curlx_calloc(1, sizeof(*resp));
4981  if(!resp)
4982    goto out;
4983
4984  resp->status = status;
4985  if(description) {
4986    resp->description = curlx_strdup(description);
4987    if(!resp->description)
4988      goto out;
4989  }
4990  Curl_dynhds_init(&resp->headers, 0, DYN_HTTP_REQUEST);
4991  Curl_dynhds_init(&resp->trailers, 0, DYN_HTTP_REQUEST);
4992  result = CURLE_OK;
4993
4994out:
4995  if(result && resp)
4996    Curl_http_resp_free(resp);
4997  *presp = result ? NULL : resp;
4998  return result;
4999}
5000
5001void Curl_http_resp_free(struct http_resp *resp)
5002{
5003  if(resp) {
5004    curlx_free(resp->description);
5005    Curl_dynhds_free(&resp->headers);
5006    Curl_dynhds_free(&resp->trailers);
5007    if(resp->prev)
5008      Curl_http_resp_free(resp->prev);
5009    curlx_free(resp);
5010  }
5011}
5012
5013/*
5014 * HTTP handler interface.
5015 */
5016const struct Curl_protocol Curl_protocol_http = {
5017  Curl_http_setup_conn,                 /* setup_connection */
5018  Curl_http,                            /* do_it */
5019  Curl_http_done,                       /* done */
5020  ZERO_NULL,                            /* do_more */
5021  ZERO_NULL,                            /* connect_it */
5022  ZERO_NULL,                            /* connecting */
5023  ZERO_NULL,                            /* doing */
5024  ZERO_NULL,                            /* proto_pollset */
5025  Curl_http_doing_pollset,              /* doing_pollset */
5026  ZERO_NULL,                            /* domore_pollset */
5027  Curl_http_perform_pollset,            /* perform_pollset */
5028  ZERO_NULL,                            /* disconnect */
5029  Curl_http_write_resp,                 /* write_resp */
5030  Curl_http_write_resp_hd,              /* write_resp_hd */
5031  ZERO_NULL,                            /* connection_is_dead */
5032  ZERO_NULL,                            /* attach connection */
5033  Curl_http_follow,                     /* follow */
5034};
5035
5036#endif /* CURL_DISABLE_HTTP */